projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add specific connection parameter clear functions
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
e70bb2e8
JH		 91};
92
93static const u16 mgmt_events[] = {
94 MGMT_EV_CONTROLLER_ERROR,
95 MGMT_EV_INDEX_ADDED,
96 MGMT_EV_INDEX_REMOVED,
97 MGMT_EV_NEW_SETTINGS,
98 MGMT_EV_CLASS_OF_DEV_CHANGED,
99 MGMT_EV_LOCAL_NAME_CHANGED,
100 MGMT_EV_NEW_LINK_KEY,
101 MGMT_EV_NEW_LONG_TERM_KEY,
102 MGMT_EV_DEVICE_CONNECTED,
103 MGMT_EV_DEVICE_DISCONNECTED,
104 MGMT_EV_CONNECT_FAILED,
105 MGMT_EV_PIN_CODE_REQUEST,
106 MGMT_EV_USER_CONFIRM_REQUEST,
107 MGMT_EV_USER_PASSKEY_REQUEST,
108 MGMT_EV_AUTH_FAILED,
109 MGMT_EV_DEVICE_FOUND,
110 MGMT_EV_DISCOVERING,
111 MGMT_EV_DEVICE_BLOCKED,
112 MGMT_EV_DEVICE_UNBLOCKED,
113 MGMT_EV_DEVICE_UNPAIRED,
92a25256 114 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 115 MGMT_EV_NEW_IRK,
7ee4ea36 116 MGMT_EV_NEW_CSRK,
8afef092
MH		 117 MGMT_EV_DEVICE_ADDED,
118 MGMT_EV_DEVICE_REMOVED,
ffb5a827 119 MGMT_EV_NEW_CONN_PARAM,
e70bb2e8
JH		 120};
121
17b02e62 122#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 123
4b34ee78
JH		 124#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
125 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
126
eec8d2bc
JH		 127struct pending_cmd {
128 struct list_head list;
fc2f4b13 129 u16 opcode;
eec8d2bc 130 int index;
c68fb7ff 131 void *param;
eec8d2bc 132 struct sock *sk;
e9a416b5 133 void *user_data;
eec8d2bc
JH		 134};
135
ca69b795
JH		 136/* HCI to MGMT error code conversion table */
137static u8 mgmt_status_table[] = {
138 MGMT_STATUS_SUCCESS,
139 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
140 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
141 MGMT_STATUS_FAILED, /* Hardware Failure */
142 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
143 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 144 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 145 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
146 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
147 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
148 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
149 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
150 MGMT_STATUS_BUSY, /* Command Disallowed */
151 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
152 MGMT_STATUS_REJECTED, /* Rejected Security */
153 MGMT_STATUS_REJECTED, /* Rejected Personal */
154 MGMT_STATUS_TIMEOUT, /* Host Timeout */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
156 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
157 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
158 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
159 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
160 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
161 MGMT_STATUS_BUSY, /* Repeated Attempts */
162 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
163 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
165 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
166 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
167 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
168 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
169 MGMT_STATUS_FAILED, /* Unspecified Error */
170 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
171 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
172 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
173 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
174 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
175 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
176 MGMT_STATUS_FAILED, /* Unit Link Key Used */
177 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
178 MGMT_STATUS_TIMEOUT, /* Instant Passed */
179 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
180 MGMT_STATUS_FAILED, /* Transaction Collision */
181 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
182 MGMT_STATUS_REJECTED, /* QoS Rejected */
183 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
184 MGMT_STATUS_REJECTED, /* Insufficient Security */
185 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
186 MGMT_STATUS_BUSY, /* Role Switch Pending */
187 MGMT_STATUS_FAILED, /* Slot Violation */
188 MGMT_STATUS_FAILED, /* Role Switch Failed */
189 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
190 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
191 MGMT_STATUS_BUSY, /* Host Busy Pairing */
192 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
193 MGMT_STATUS_BUSY, /* Controller Busy */
194 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
195 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
196 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
197 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
198 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
199};
200
201static u8 mgmt_status(u8 hci_status)
202{
203 if (hci_status < ARRAY_SIZE(mgmt_status_table))
204 return mgmt_status_table[hci_status];
205
206 return MGMT_STATUS_FAILED;
207}
208
4e51eae9 209static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 210{
211 struct sk_buff *skb;
212 struct mgmt_hdr *hdr;
213 struct mgmt_ev_cmd_status *ev;
56b7d137 214 int err;
f7b64e69 215
34eb525c 216 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 217
790eff44 218 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 219 if (!skb)
220 return -ENOMEM;
221
222 hdr = (void *) skb_put(skb, sizeof(*hdr));
223
dcf4adbf 224 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 225 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 226 hdr->len = cpu_to_le16(sizeof(*ev));
227
228 ev = (void *) skb_put(skb, sizeof(*ev));
229 ev->status = status;
eb55ef07 230 ev->opcode = cpu_to_le16(cmd);
f7b64e69 231
56b7d137
GP		 232 err = sock_queue_rcv_skb(sk, skb);
233 if (err < 0)
f7b64e69
JH		 234 kfree_skb(skb);
235
56b7d137 236 return err;
f7b64e69
JH		 237}
238
aee9b218 239static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 240 void *rp, size_t rp_len)
02d98129
JH		 241{
242 struct sk_buff *skb;
243 struct mgmt_hdr *hdr;
244 struct mgmt_ev_cmd_complete *ev;
56b7d137 245 int err;
02d98129
JH		 246
247 BT_DBG("sock %p", sk);
248
790eff44 249 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 250 if (!skb)
251 return -ENOMEM;
252
253 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 254
dcf4adbf 255 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 256 hdr->index = cpu_to_le16(index);
a38528f1 257 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 258
a38528f1 259 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 260 ev->opcode = cpu_to_le16(cmd);
aee9b218 261 ev->status = status;
8020c16a
SJ		 262
263 if (rp)
264 memcpy(ev->data, rp, rp_len);
02d98129 265
56b7d137
GP		 266 err = sock_queue_rcv_skb(sk, skb);
267 if (err < 0)
02d98129
JH		 268 kfree_skb(skb);
269
e5f0e151 270 return err;
02d98129
JH		 271}
272
04124681
GP		 273static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
a38528f1
JH		 275{
276 struct mgmt_rp_read_version rp;
277
278 BT_DBG("sock %p", sk);
279
280 rp.version = MGMT_VERSION;
dcf4adbf 281 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 282
aee9b218 283 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 284 sizeof(rp));
a38528f1
JH		 285}
286
04124681
GP		 287static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
e70bb2e8
JH		 289{
290 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 291 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
292 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 293 __le16 *opcode;
e70bb2e8
JH		 294 size_t rp_size;
295 int i, err;
296
297 BT_DBG("sock %p", sk);
298
299 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
300
301 rp = kmalloc(rp_size, GFP_KERNEL);
302 if (!rp)
303 return -ENOMEM;
304
dcf4adbf
JP		 305 rp->num_commands = cpu_to_le16(num_commands);
306 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 307
308 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
309 put_unaligned_le16(mgmt_commands[i], opcode);
310
311 for (i = 0; i < num_events; i++, opcode++)
312 put_unaligned_le16(mgmt_events[i], opcode);
313
aee9b218 314 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 315 rp_size);
e70bb2e8
JH		 316 kfree(rp);
317
318 return err;
319}
320
04124681
GP		 321static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
322 u16 data_len)
faba42eb 323{
faba42eb 324 struct mgmt_rp_read_index_list *rp;
8035ded4 325 struct hci_dev *d;
a38528f1 326 size_t rp_len;
faba42eb 327 u16 count;
476e44cb 328 int err;
faba42eb
JH		 329
330 BT_DBG("sock %p", sk);
331
332 read_lock(&hci_dev_list_lock);
333
334 count = 0;
bb4b2a9a 335 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 336 if (d->dev_type == HCI_BREDR)
337 count++;
faba42eb
JH		 338 }
339
a38528f1
JH		 340 rp_len = sizeof(*rp) + (2 * count);
341 rp = kmalloc(rp_len, GFP_ATOMIC);
342 if (!rp) {
b2c60d42 343 read_unlock(&hci_dev_list_lock);
faba42eb 344 return -ENOMEM;
b2c60d42 345 }
faba42eb 346
476e44cb 347 count = 0;
8035ded4 348 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 349 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 350 continue;
351
0736cfa8
MH		 352 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
353 continue;
354
fee746b0
MH		 355 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
356 continue;
357
1514b892
MH		 358 if (d->dev_type == HCI_BREDR) {
359 rp->index[count++] = cpu_to_le16(d->id);
360 BT_DBG("Added hci%u", d->id);
361 }
faba42eb
JH		 362 }
363
476e44cb
JH		 364 rp->num_controllers = cpu_to_le16(count);
365 rp_len = sizeof(*rp) + (2 * count);
366
faba42eb
JH		 367 read_unlock(&hci_dev_list_lock);
368
aee9b218 369 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 370 rp_len);
faba42eb 371
a38528f1
JH		 372 kfree(rp);
373
374 return err;
faba42eb
JH		 375}
376
69ab39ea
JH		 377static u32 get_supported_settings(struct hci_dev *hdev)
378{
379 u32 settings = 0;
380
381 settings |= MGMT_SETTING_POWERED;
69ab39ea 382 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 383 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 384
ed3fa31f 385 if (lmp_bredr_capable(hdev)) {
33c525c0 386 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 387 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
388 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 389 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 390 settings |= MGMT_SETTING_BREDR;
391 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 392
393 if (lmp_ssp_capable(hdev)) {
394 settings |= MGMT_SETTING_SSP;
395 settings |= MGMT_SETTING_HS;
396 }
e98d2ce2 397
5afeac14 398 if (lmp_sc_capable(hdev) ||
111902f7 399 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 400 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 401 }
d7b7e796 402
eeca6f89 403 if (lmp_le_capable(hdev)) {
9d42820f 404 settings |= MGMT_SETTING_LE;
eeca6f89 405 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 406 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 407 }
69ab39ea
JH		 408
409 return settings;
410}
411
412static u32 get_current_settings(struct hci_dev *hdev)
413{
414 u32 settings = 0;
415
f1f0eb02 416 if (hdev_is_powered(hdev))
f0d4b78a
MH		 417 settings |= MGMT_SETTING_POWERED;
418
5e5282bb 419 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_CONNECTABLE;
421
1a4d3c4b
JH		 422 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
423 settings |= MGMT_SETTING_FAST_CONNECTABLE;
424
5e5282bb 425 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_DISCOVERABLE;
427
a8b2d5c2 428 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_PAIRABLE;
430
56f87901 431 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 432 settings |= MGMT_SETTING_BREDR;
433
06199cf8 434 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 435 settings |= MGMT_SETTING_LE;
436
47990ea0 437 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 438 settings |= MGMT_SETTING_LINK_SECURITY;
439
84bde9d6 440 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 441 settings |= MGMT_SETTING_SSP;
442
6d80dfd0
JH		 443 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
444 settings |= MGMT_SETTING_HS;
445
f3d3444a 446 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 447 settings |= MGMT_SETTING_ADVERTISING;
448
e98d2ce2
MH		 449 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
450 settings |= MGMT_SETTING_SECURE_CONN;
451
0663b297 452 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 453 settings |= MGMT_SETTING_DEBUG_KEYS;
454
0f4bd942
JH		 455 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
456 settings |= MGMT_SETTING_PRIVACY;
457
69ab39ea
JH		 458 return settings;
459}
460
ef580372
JH		 461#define PNP_INFO_SVCLASS_ID 0x1200
462
213202ed
JH		 463static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
464{
465 u8 *ptr = data, *uuids_start = NULL;
466 struct bt_uuid *uuid;
467
468 if (len < 4)
469 return ptr;
470
471 list_for_each_entry(uuid, &hdev->uuids, list) {
472 u16 uuid16;
473
474 if (uuid->size != 16)
475 continue;
476
477 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
478 if (uuid16 < 0x1100)
479 continue;
480
481 if (uuid16 == PNP_INFO_SVCLASS_ID)
482 continue;
483
484 if (!uuids_start) {
485 uuids_start = ptr;
486 uuids_start[0] = 1;
487 uuids_start[1] = EIR_UUID16_ALL;
488 ptr += 2;
489 }
490
491 /* Stop if not enough space to put next UUID */
492 if ((ptr - data) + sizeof(u16) > len) {
493 uuids_start[1] = EIR_UUID16_SOME;
494 break;
495 }
496
497 *ptr++ = (uuid16 & 0x00ff);
498 *ptr++ = (uuid16 & 0xff00) >> 8;
499 uuids_start[0] += sizeof(uuid16);
500 }
501
502 return ptr;
503}
504
cdf1963f
JH		 505static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
506{
507 u8 *ptr = data, *uuids_start = NULL;
508 struct bt_uuid *uuid;
509
510 if (len < 6)
511 return ptr;
512
513 list_for_each_entry(uuid, &hdev->uuids, list) {
514 if (uuid->size != 32)
515 continue;
516
517 if (!uuids_start) {
518 uuids_start = ptr;
519 uuids_start[0] = 1;
520 uuids_start[1] = EIR_UUID32_ALL;
521 ptr += 2;
522 }
523
524 /* Stop if not enough space to put next UUID */
525 if ((ptr - data) + sizeof(u32) > len) {
526 uuids_start[1] = EIR_UUID32_SOME;
527 break;
528 }
529
530 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
531 ptr += sizeof(u32);
532 uuids_start[0] += sizeof(u32);
533 }
534
535 return ptr;
536}
537
c00d575b
JH		 538static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
539{
540 u8 *ptr = data, *uuids_start = NULL;
541 struct bt_uuid *uuid;
542
543 if (len < 18)
544 return ptr;
545
546 list_for_each_entry(uuid, &hdev->uuids, list) {
547 if (uuid->size != 128)
548 continue;
549
550 if (!uuids_start) {
551 uuids_start = ptr;
552 uuids_start[0] = 1;
553 uuids_start[1] = EIR_UUID128_ALL;
554 ptr += 2;
555 }
556
557 /* Stop if not enough space to put next UUID */
558 if ((ptr - data) + 16 > len) {
559 uuids_start[1] = EIR_UUID128_SOME;
560 break;
561 }
562
563 memcpy(ptr, uuid->uuid, 16);
564 ptr += 16;
565 uuids_start[0] += 16;
566 }
567
568 return ptr;
569}
570
eb2a8d20
JH		 571static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
572{
573 struct pending_cmd *cmd;
574
575 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
576 if (cmd->opcode == opcode)
577 return cmd;
578 }
579
580 return NULL;
581}
582
95868426
JH		 583static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
584 struct hci_dev *hdev,
585 const void *data)
586{
587 struct pending_cmd *cmd;
588
589 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
590 if (cmd->user_data != data)
591 continue;
592 if (cmd->opcode == opcode)
593 return cmd;
594 }
595
596 return NULL;
597}
598
f14d8f64
MH		 599static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
600{
7a5f4990
MH		 601 u8 ad_len = 0;
602 size_t name_len;
603
604 name_len = strlen(hdev->dev_name);
605 if (name_len > 0) {
606 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
607
608 if (name_len > max_len) {
609 name_len = max_len;
610 ptr[1] = EIR_NAME_SHORT;
611 } else
612 ptr[1] = EIR_NAME_COMPLETE;
613
614 ptr[0] = name_len + 1;
615
616 memcpy(ptr + 2, hdev->dev_name, name_len);
617
618 ad_len += (name_len + 2);
619 ptr += (name_len + 2);
620 }
621
622 return ad_len;
f14d8f64
MH		 623}
624
625static void update_scan_rsp_data(struct hci_request *req)
626{
627 struct hci_dev *hdev = req->hdev;
628 struct hci_cp_le_set_scan_rsp_data cp;
629 u8 len;
630
7751ef1b 631 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 632 return;
633
634 memset(&cp, 0, sizeof(cp));
635
636 len = create_scan_rsp_data(hdev, cp.data);
637
eb438b5f
JH		 638 if (hdev->scan_rsp_data_len == len &&
639 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 640 return;
641
eb438b5f
JH		 642 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
643 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 644
645 cp.length = len;
646
647 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
648}
649
9a43e25f
JH		 650static u8 get_adv_discov_flags(struct hci_dev *hdev)
651{
652 struct pending_cmd *cmd;
653
654 /* If there's a pending mgmt command the flags will not yet have
655 * their final values, so check for this first.
656 */
657 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
658 if (cmd) {
659 struct mgmt_mode *cp = cmd->param;
660 if (cp->val == 0x01)
661 return LE_AD_GENERAL;
662 else if (cp->val == 0x02)
663 return LE_AD_LIMITED;
664 } else {
665 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
666 return LE_AD_LIMITED;
667 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
668 return LE_AD_GENERAL;
669 }
670
671 return 0;
672}
673
46cad2ed 674static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 675{
676 u8 ad_len = 0, flags = 0;
441ad2d0 677
9a43e25f 678 flags |= get_adv_discov_flags(hdev);
441ad2d0 679
e834004b 680 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 681 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 682
683 if (flags) {
684 BT_DBG("adv flags 0x%02x", flags);
685
686 ptr[0] = 2;
687 ptr[1] = EIR_FLAGS;
688 ptr[2] = flags;
689
690 ad_len += 3;
691 ptr += 3;
692 }
693
694 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
695 ptr[0] = 2;
696 ptr[1] = EIR_TX_POWER;
697 ptr[2] = (u8) hdev->adv_tx_power;
698
699 ad_len += 3;
700 ptr += 3;
701 }
702
441ad2d0
MH		 703 return ad_len;
704}
705
5947f4bc 706static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 707{
708 struct hci_dev *hdev = req->hdev;
709 struct hci_cp_le_set_adv_data cp;
710 u8 len;
711
10994ce6 712 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 713 return;
714
715 memset(&cp, 0, sizeof(cp));
716
46cad2ed 717 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 718
719 if (hdev->adv_data_len == len &&
720 memcmp(cp.data, hdev->adv_data, len) == 0)
721 return;
722
723 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
724 hdev->adv_data_len = len;
725
726 cp.length = len;
727
728 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
729}
730
ef580372
JH		 731static void create_eir(struct hci_dev *hdev, u8 *data)
732{
733 u8 *ptr = data;
ef580372
JH		 734 size_t name_len;
735
736 name_len = strlen(hdev->dev_name);
737
738 if (name_len > 0) {
739 /* EIR Data type */
740 if (name_len > 48) {
741 name_len = 48;
742 ptr[1] = EIR_NAME_SHORT;
743 } else
744 ptr[1] = EIR_NAME_COMPLETE;
745
746 /* EIR Data length */
747 ptr[0] = name_len + 1;
748
749 memcpy(ptr + 2, hdev->dev_name, name_len);
750
ef580372
JH		 751 ptr += (name_len + 2);
752 }
753
bbaf444a 754 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 755 ptr[0] = 2;
756 ptr[1] = EIR_TX_POWER;
757 ptr[2] = (u8) hdev->inq_tx_power;
758
91c4e9b1
MH		 759 ptr += 3;
760 }
761
2b9be137
MH		 762 if (hdev->devid_source > 0) {
763 ptr[0] = 9;
764 ptr[1] = EIR_DEVICE_ID;
765
766 put_unaligned_le16(hdev->devid_source, ptr + 2);
767 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
768 put_unaligned_le16(hdev->devid_product, ptr + 6);
769 put_unaligned_le16(hdev->devid_version, ptr + 8);
770
2b9be137
MH		 771 ptr += 10;
772 }
773
213202ed 774 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 775 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 776 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 777}
778
890ea898 779static void update_eir(struct hci_request *req)
ef580372 780{
890ea898 781 struct hci_dev *hdev = req->hdev;
ef580372
JH		 782 struct hci_cp_write_eir cp;
783
504c8dcd 784 if (!hdev_is_powered(hdev))
890ea898 785 return;
7770c4aa 786
976eb20e 787 if (!lmp_ext_inq_capable(hdev))
890ea898 788 return;
ef580372 789
84bde9d6 790 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 791 return;
ef580372 792
a8b2d5c2 793 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 794 return;
ef580372
JH		 795
796 memset(&cp, 0, sizeof(cp));
797
798 create_eir(hdev, cp.data);
799
800 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 801 return;
ef580372
JH		 802
803 memcpy(hdev->eir, cp.data, sizeof(cp.data));
804
890ea898 805 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 806}
807
808static u8 get_service_classes(struct hci_dev *hdev)
809{
810 struct bt_uuid *uuid;
811 u8 val = 0;
812
813 list_for_each_entry(uuid, &hdev->uuids, list)
814 val |= uuid->svc_hint;
815
816 return val;
817}
818
890ea898 819static void update_class(struct hci_request *req)
ef580372 820{
890ea898 821 struct hci_dev *hdev = req->hdev;
ef580372
JH		 822 u8 cod[3];
823
824 BT_DBG("%s", hdev->name);
825
504c8dcd 826 if (!hdev_is_powered(hdev))
890ea898 827 return;
7770c4aa 828
f87ea1da
JH		 829 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
830 return;
831
a8b2d5c2 832 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 833 return;
ef580372
JH		 834
835 cod[0] = hdev->minor_class;
836 cod[1] = hdev->major_class;
837 cod[2] = get_service_classes(hdev);
838
6acd7db4
MH		 839 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
840 cod[1] |= 0x20;
841
ef580372 842 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 843 return;
ef580372 844
890ea898 845 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 846}
847
a4858cb9 848static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 849{
850 struct pending_cmd *cmd;
199a2fb1
JH		 851
852 /* If there's a pending mgmt command the flag will not yet have
853 * it's final value, so check for this first.
854 */
855 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
856 if (cmd) {
857 struct mgmt_mode *cp = cmd->param;
a4858cb9 858 return cp->val;
199a2fb1
JH		 859 }
860
a4858cb9 861 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 862}
863
864static void enable_advertising(struct hci_request *req)
865{
866 struct hci_dev *hdev = req->hdev;
867 struct hci_cp_le_set_adv_param cp;
8f2a0601 868 u8 own_addr_type, enable = 0x01;
a4858cb9 869 bool connectable;
199a2fb1 870
8d97250e
JH		 871 /* Clear the HCI_ADVERTISING bit temporarily so that the
872 * hci_update_random_address knows that it's safe to go ahead
873 * and write a new random address. The flag will be set back on
874 * as soon as the SET_ADV_ENABLE HCI command completes.
875 */
876 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
877
a4858cb9 878 connectable = get_connectable(hdev);
8f2a0601 879
a4858cb9
JH		 880 /* Set require_privacy to true only when non-connectable
881 * advertising is used. In that case it is fine to use a
882 * non-resolvable private address.
883 */
884 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 885 return;
886
41c90c18 887 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 888 cp.min_interval = cpu_to_le16(0x0800);
889 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 890 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 891 cp.own_address_type = own_addr_type;
199a2fb1
JH		 892 cp.channel_map = hdev->le_adv_channel_map;
893
894 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
895
896 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
897}
898
899static void disable_advertising(struct hci_request *req)
900{
901 u8 enable = 0x00;
902
903 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
904}
905
7d78525d
JH		 906static void service_cache_off(struct work_struct *work)
907{
908 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 909 service_cache.work);
890ea898 910 struct hci_request req;
7d78525d 911
a8b2d5c2 912 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 913 return;
914
890ea898
JH		 915 hci_req_init(&req, hdev);
916
7d78525d
JH		 917 hci_dev_lock(hdev);
918
890ea898
JH		 919 update_eir(&req);
920 update_class(&req);
7d78525d
JH		 921
922 hci_dev_unlock(hdev);
890ea898
JH		 923
924 hci_req_run(&req, NULL);
7d78525d
JH		 925}
926
d6bfd59c
JH		 927static void rpa_expired(struct work_struct *work)
928{
929 struct hci_dev *hdev = container_of(work, struct hci_dev,
930 rpa_expired.work);
931 struct hci_request req;
932
933 BT_DBG("");
934
935 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
936
937 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
938 hci_conn_num(hdev, LE_LINK) > 0)
939 return;
940
941 /* The generation of a new RPA and programming it into the
942 * controller happens in the enable_advertising() function.
943 */
944
945 hci_req_init(&req, hdev);
946
947 disable_advertising(&req);
948 enable_advertising(&req);
949
950 hci_req_run(&req, NULL);
951}
952
6a919082 953static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 954{
4f87da80 955 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 956 return;
957
4f87da80 958 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 959 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 960
4f87da80
JH		 961 /* Non-mgmt controlled devices get this bit set
962 * implicitly so that pairing works for them, however
963 * for mgmt we require user-space to explicitly enable
964 * it
965 */
966 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 967}
968
0f4e68cf 969static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 970 void *data, u16 data_len)
0381101f 971{
a38528f1 972 struct mgmt_rp_read_info rp;
f7b64e69 973
bdb6d971 974 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 975
09fd0de5 976 hci_dev_lock(hdev);
f7b64e69 977
dc4fe30b
JH		 978 memset(&rp, 0, sizeof(rp));
979
69ab39ea 980 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 981
69ab39ea 982 rp.version = hdev->hci_ver;
eb55ef07 983 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 984
985 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
986 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 987
a38528f1 988 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 989
dc4fe30b 990 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 991 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 992
09fd0de5 993 hci_dev_unlock(hdev);
0381101f 994
bdb6d971 995 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 996 sizeof(rp));
0381101f
JH		 997}
998
eec8d2bc
JH		 999static void mgmt_pending_free(struct pending_cmd *cmd)
1000{
1001 sock_put(cmd->sk);
c68fb7ff 1002 kfree(cmd->param);
eec8d2bc
JH		 1003 kfree(cmd);
1004}
1005
366a0336 1006static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1007 struct hci_dev *hdev, void *data,
1008 u16 len)
eec8d2bc
JH		 1009{
1010 struct pending_cmd *cmd;
1011
fca20018 1012 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1013 if (!cmd)
366a0336 1014 return NULL;
eec8d2bc
JH		 1015
1016 cmd->opcode = opcode;
2e58ef3e 1017 cmd->index = hdev->id;
eec8d2bc 1018
12b94565 1019 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1020 if (!cmd->param) {
eec8d2bc 1021 kfree(cmd);
366a0336 1022 return NULL;
eec8d2bc
JH		 1023 }
1024
8fce6357
SJ		 1025 if (data)
1026 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1027
1028 cmd->sk = sk;
1029 sock_hold(sk);
1030
2e58ef3e 1031 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1032
366a0336 1033 return cmd;
eec8d2bc
JH		 1034}
1035
744cf19e 1036static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1037 void (*cb)(struct pending_cmd *cmd,
1038 void *data),
04124681 1039 void *data)
eec8d2bc 1040{
a3d09356 1041 struct pending_cmd *cmd, *tmp;
eec8d2bc 1042
a3d09356 1043 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1044 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1045 continue;
1046
eec8d2bc
JH		 1047 cb(cmd, data);
1048 }
1049}
1050
a664b5bc 1051static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1052{
73f22f62
JH		 1053 list_del(&cmd->list);
1054 mgmt_pending_free(cmd);
1055}
1056
69ab39ea 1057static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1058{
69ab39ea 1059 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1060
aee9b218 1061 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1062 sizeof(settings));
8680570b
JH		 1063}
1064
8b064a3a
JH		 1065static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1066{
1067 BT_DBG("%s status 0x%02x", hdev->name, status);
1068
a3172b7e
JH		 1069 if (hci_conn_count(hdev) == 0) {
1070 cancel_delayed_work(&hdev->power_off);
8b064a3a 1071 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1072 }
8b064a3a
JH		 1073}
1074
21a60d30
JH		 1075static void hci_stop_discovery(struct hci_request *req)
1076{
1077 struct hci_dev *hdev = req->hdev;
1078 struct hci_cp_remote_name_req_cancel cp;
1079 struct inquiry_entry *e;
1080
1081 switch (hdev->discovery.state) {
1082 case DISCOVERY_FINDING:
1083 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1084 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1085 } else {
1086 cancel_delayed_work(&hdev->le_scan_disable);
1087 hci_req_add_le_scan_disable(req);
1088 }
1089
1090 break;
1091
1092 case DISCOVERY_RESOLVING:
1093 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1094 NAME_PENDING);
1095 if (!e)
1096 return;
1097
1098 bacpy(&cp.bdaddr, &e->data.bdaddr);
1099 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1100 &cp);
1101
1102 break;
1103
1104 default:
1105 /* Passive scanning */
1106 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1107 hci_req_add_le_scan_disable(req);
1108 break;
1109 }
1110}
1111
8b064a3a
JH		 1112static int clean_up_hci_state(struct hci_dev *hdev)
1113{
1114 struct hci_request req;
1115 struct hci_conn *conn;
1116
1117 hci_req_init(&req, hdev);
1118
1119 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1120 test_bit(HCI_PSCAN, &hdev->flags)) {
1121 u8 scan = 0x00;
1122 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1123 }
1124
1125 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1126 disable_advertising(&req);
1127
f8680f12 1128 hci_stop_discovery(&req);
8b064a3a
JH		 1129
1130 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1131 struct hci_cp_disconnect dc;
c9910d0f
JH		 1132 struct hci_cp_reject_conn_req rej;
1133
1134 switch (conn->state) {
1135 case BT_CONNECTED:
1136 case BT_CONFIG:
1137 dc.handle = cpu_to_le16(conn->handle);
1138 dc.reason = 0x15; /* Terminated due to Power Off */
1139 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1140 break;
1141 case BT_CONNECT:
1142 if (conn->type == LE_LINK)
1143 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1144 0, NULL);
1145 else if (conn->type == ACL_LINK)
1146 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1147 6, &conn->dst);
1148 break;
1149 case BT_CONNECT2:
1150 bacpy(&rej.bdaddr, &conn->dst);
1151 rej.reason = 0x15; /* Terminated due to Power Off */
1152 if (conn->type == ACL_LINK)
1153 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1154 sizeof(rej), &rej);
1155 else if (conn->type == SCO_LINK)
1156 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1157 sizeof(rej), &rej);
1158 break;
1159 }
8b064a3a
JH		 1160 }
1161
1162 return hci_req_run(&req, clean_up_hci_complete);
1163}
1164
bdb6d971 1165static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1166 u16 len)
eec8d2bc 1167{
650f726d 1168 struct mgmt_mode *cp = data;
366a0336 1169 struct pending_cmd *cmd;
4b34ee78 1170 int err;
eec8d2bc 1171
bdb6d971 1172 BT_DBG("request for %s", hdev->name);
eec8d2bc 1173
a7e80f25
JH		 1174 if (cp->val != 0x00 && cp->val != 0x01)
1175 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1176 MGMT_STATUS_INVALID_PARAMS);
1177
09fd0de5 1178 hci_dev_lock(hdev);
eec8d2bc 1179
87b95ba6
JH		 1180 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1181 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1182 MGMT_STATUS_BUSY);
1183 goto failed;
1184 }
1185
f0d4b78a
MH		 1186 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1187 cancel_delayed_work(&hdev->power_off);
1188
1189 if (cp->val) {
a1d70450
JH		 1190 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1191 data, len);
1192 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1193 goto failed;
1194 }
1195 }
1196
4b34ee78 1197 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1198 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1199 goto failed;
1200 }
1201
2e58ef3e 1202 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1203 if (!cmd) {
1204 err = -ENOMEM;
eec8d2bc 1205 goto failed;
366a0336 1206 }
eec8d2bc 1207
8b064a3a 1208 if (cp->val) {
19202573 1209 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1210 err = 0;
1211 } else {
1212 /* Disconnect connections, stop scans, etc */
1213 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1214 if (!err)
1215 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1216 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1217
8b064a3a
JH		 1218 /* ENODATA means there were no HCI commands queued */
1219 if (err == -ENODATA) {
a3172b7e 1220 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1221 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1222 err = 0;
1223 }
1224 }
eec8d2bc
JH		 1225
1226failed:
09fd0de5 1227 hci_dev_unlock(hdev);
366a0336 1228 return err;
eec8d2bc
JH		 1229}
1230
04124681
GP		 1231static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1232 struct sock *skip_sk)
beadb2bd
JH		 1233{
1234 struct sk_buff *skb;
1235 struct mgmt_hdr *hdr;
1236
790eff44 1237 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1238 if (!skb)
1239 return -ENOMEM;
1240
1241 hdr = (void *) skb_put(skb, sizeof(*hdr));
1242 hdr->opcode = cpu_to_le16(event);
1243 if (hdev)
1244 hdr->index = cpu_to_le16(hdev->id);
1245 else
dcf4adbf 1246 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1247 hdr->len = cpu_to_le16(data_len);
1248
1249 if (data)
1250 memcpy(skb_put(skb, data_len), data, data_len);
1251
97e0bdeb
MH		 1252 /* Time stamp */
1253 __net_timestamp(skb);
1254
beadb2bd
JH		 1255 hci_send_to_control(skb, skip_sk);
1256 kfree_skb(skb);
1257
1258 return 0;
1259}
1260
1261static int new_settings(struct hci_dev *hdev, struct sock *skip)
1262{
1263 __le32 ev;
1264
1265 ev = cpu_to_le32(get_current_settings(hdev));
1266
1267 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1268}
1269
bd99abdd
JH		 1270struct cmd_lookup {
1271 struct sock *sk;
1272 struct hci_dev *hdev;
1273 u8 mgmt_status;
1274};
1275
1276static void settings_rsp(struct pending_cmd *cmd, void *data)
1277{
1278 struct cmd_lookup *match = data;
1279
1280 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1281
1282 list_del(&cmd->list);
1283
1284 if (match->sk == NULL) {
1285 match->sk = cmd->sk;
1286 sock_hold(match->sk);
1287 }
1288
1289 mgmt_pending_free(cmd);
1290}
1291
1292static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1293{
1294 u8 *status = data;
1295
1296 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1297 mgmt_pending_remove(cmd);
1298}
1299
e6fe7986
JH		 1300static u8 mgmt_bredr_support(struct hci_dev *hdev)
1301{
1302 if (!lmp_bredr_capable(hdev))
1303 return MGMT_STATUS_NOT_SUPPORTED;
1304 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1305 return MGMT_STATUS_REJECTED;
1306 else
1307 return MGMT_STATUS_SUCCESS;
1308}
1309
1310static u8 mgmt_le_support(struct hci_dev *hdev)
1311{
1312 if (!lmp_le_capable(hdev))
1313 return MGMT_STATUS_NOT_SUPPORTED;
1314 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1315 return MGMT_STATUS_REJECTED;
1316 else
1317 return MGMT_STATUS_SUCCESS;
1318}
1319
bfaf8c9f
JH		 1320static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1321{
1322 struct pending_cmd *cmd;
1323 struct mgmt_mode *cp;
970ba524 1324 struct hci_request req;
bfaf8c9f
JH		 1325 bool changed;
1326
1327 BT_DBG("status 0x%02x", status);
1328
1329 hci_dev_lock(hdev);
1330
1331 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1332 if (!cmd)
1333 goto unlock;
1334
1335 if (status) {
1336 u8 mgmt_err = mgmt_status(status);
1337 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1338 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1339 goto remove_cmd;
1340 }
1341
1342 cp = cmd->param;
d4462a07 1343 if (cp->val) {
bfaf8c9f
JH		 1344 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1345 &hdev->dev_flags);
d4462a07
MH		 1346
1347 if (hdev->discov_timeout > 0) {
1348 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1349 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1350 to);
1351 }
1352 } else {
bfaf8c9f
JH		 1353 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1354 &hdev->dev_flags);
d4462a07 1355 }
bfaf8c9f
JH		 1356
1357 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1358
1359 if (changed)
1360 new_settings(hdev, cmd->sk);
1361
970ba524
MH		 1362 /* When the discoverable mode gets changed, make sure
1363 * that class of device has the limited discoverable
1364 * bit correctly set.
1365 */
1366 hci_req_init(&req, hdev);
1367 update_class(&req);
1368 hci_req_run(&req, NULL);
1369
bfaf8c9f
JH		 1370remove_cmd:
1371 mgmt_pending_remove(cmd);
1372
1373unlock:
1374 hci_dev_unlock(hdev);
1375}
1376
bdb6d971 1377static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1378 u16 len)
73f22f62 1379{
650f726d 1380 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1381 struct pending_cmd *cmd;
bfaf8c9f 1382 struct hci_request req;
5e5282bb 1383 u16 timeout;
9a43e25f 1384 u8 scan;
73f22f62
JH		 1385 int err;
1386
bdb6d971 1387 BT_DBG("request for %s", hdev->name);
73f22f62 1388
9a43e25f
JH		 1389 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1390 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1391 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1392 MGMT_STATUS_REJECTED);
33c525c0 1393
310a3d48 1394 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1395 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1396 MGMT_STATUS_INVALID_PARAMS);
1397
1f350c87 1398 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1399
1400 /* Disabling discoverable requires that no timeout is set,
1401 * and enabling limited discoverable requires a timeout.
1402 */
1403 if ((cp->val == 0x00 && timeout > 0) ||
1404 (cp->val == 0x02 && timeout == 0))
bdb6d971 1405 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1406 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1407
09fd0de5 1408 hci_dev_lock(hdev);
73f22f62 1409
5e5282bb 1410 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1411 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1412 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1413 goto failed;
1414 }
1415
2e58ef3e 1416 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1417 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1418 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1419 MGMT_STATUS_BUSY);
73f22f62
JH		 1420 goto failed;
1421 }
1422
5e5282bb 1423 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1424 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1425 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1426 goto failed;
1427 }
1428
1429 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1430 bool changed = false;
1431
310a3d48
MH		 1432 /* Setting limited discoverable when powered off is
1433 * not a valid operation since it requires a timeout
1434 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1435 */
0224d2fa
JH		 1436 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1437 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1438 changed = true;
1439 }
1440
5e5282bb 1441 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1442 if (err < 0)
1443 goto failed;
1444
1445 if (changed)
1446 err = new_settings(hdev, sk);
1447
5e5282bb
JH		 1448 goto failed;
1449 }
1450
310a3d48
MH		 1451 /* If the current mode is the same, then just update the timeout
1452 * value with the new value. And if only the timeout gets updated,
1453 * then no need for any HCI transactions.
1454 */
1455 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1456 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1457 &hdev->dev_flags)) {
36261547
MH		 1458 cancel_delayed_work(&hdev->discov_off);
1459 hdev->discov_timeout = timeout;
955638ec 1460
36261547
MH		 1461 if (cp->val && hdev->discov_timeout > 0) {
1462 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1463 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1464 to);
955638ec
MH		 1465 }
1466
69ab39ea 1467 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1468 goto failed;
1469 }
1470
2e58ef3e 1471 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1472 if (!cmd) {
1473 err = -ENOMEM;
73f22f62 1474 goto failed;
366a0336 1475 }
73f22f62 1476
310a3d48
MH		 1477 /* Cancel any potential discoverable timeout that might be
1478 * still active and store new timeout value. The arming of
1479 * the timeout happens in the complete handler.
1480 */
1481 cancel_delayed_work(&hdev->discov_off);
1482 hdev->discov_timeout = timeout;
1483
b456f87c
JH		 1484 /* Limited discoverable mode */
1485 if (cp->val == 0x02)
1486 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1487 else
1488 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1489
bfaf8c9f
JH		 1490 hci_req_init(&req, hdev);
1491
9a43e25f
JH		 1492 /* The procedure for LE-only controllers is much simpler - just
1493 * update the advertising data.
1494 */
1495 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1496 goto update_ad;
1497
73f22f62
JH		 1498 scan = SCAN_PAGE;
1499
310a3d48
MH		 1500 if (cp->val) {
1501 struct hci_cp_write_current_iac_lap hci_cp;
1502
1503 if (cp->val == 0x02) {
1504 /* Limited discoverable mode */
33337dcb 1505 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1506 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1507 hci_cp.iac_lap[1] = 0x8b;
1508 hci_cp.iac_lap[2] = 0x9e;
1509 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1510 hci_cp.iac_lap[4] = 0x8b;
1511 hci_cp.iac_lap[5] = 0x9e;
1512 } else {
1513 /* General discoverable mode */
310a3d48
MH		 1514 hci_cp.num_iac = 1;
1515 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1516 hci_cp.iac_lap[1] = 0x8b;
1517 hci_cp.iac_lap[2] = 0x9e;
1518 }
1519
1520 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1521 (hci_cp.num_iac * 3) + 1, &hci_cp);
1522
73f22f62 1523 scan |= SCAN_INQUIRY;
310a3d48
MH		 1524 } else {
1525 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1526 }
73f22f62 1527
310a3d48 1528 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1529
9a43e25f
JH		 1530update_ad:
1531 update_adv_data(&req);
1532
bfaf8c9f 1533 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1534 if (err < 0)
a664b5bc 1535 mgmt_pending_remove(cmd);
73f22f62
JH		 1536
1537failed:
09fd0de5 1538 hci_dev_unlock(hdev);
73f22f62
JH		 1539 return err;
1540}
1541
406d7804
JH		 1542static void write_fast_connectable(struct hci_request *req, bool enable)
1543{
bd98b996 1544 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1545 struct hci_cp_write_page_scan_activity acp;
1546 u8 type;
1547
547003b1
JH		 1548 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1549 return;
1550
4c01f8b8
JH		 1551 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1552 return;
1553
406d7804
JH		 1554 if (enable) {
1555 type = PAGE_SCAN_TYPE_INTERLACED;
1556
1557 /* 160 msec page scan interval */
dcf4adbf 1558 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1559 } else {
1560 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1561
1562 /* default 1.28 sec page scan */
dcf4adbf 1563 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1564 }
1565
dcf4adbf 1566 acp.window = cpu_to_le16(0x0012);
406d7804 1567
bd98b996
JH		 1568 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1569 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1570 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1571 sizeof(acp), &acp);
1572
1573 if (hdev->page_scan_type != type)
1574 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1575}
1576
2b76f453
JH		 1577static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1578{
1579 struct pending_cmd *cmd;
d7b856f9
JH		 1580 struct mgmt_mode *cp;
1581 bool changed;
2b76f453
JH		 1582
1583 BT_DBG("status 0x%02x", status);
1584
1585 hci_dev_lock(hdev);
1586
1587 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1588 if (!cmd)
1589 goto unlock;
1590
37438c1f
JH		 1591 if (status) {
1592 u8 mgmt_err = mgmt_status(status);
1593 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1594 goto remove_cmd;
1595 }
1596
d7b856f9
JH		 1597 cp = cmd->param;
1598 if (cp->val)
1599 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1600 else
1601 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1602
2b76f453
JH		 1603 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1604
d7b856f9
JH		 1605 if (changed)
1606 new_settings(hdev, cmd->sk);
1607
37438c1f 1608remove_cmd:
2b76f453
JH		 1609 mgmt_pending_remove(cmd);
1610
1611unlock:
1612 hci_dev_unlock(hdev);
1613}
1614
e8ba3a1f
JH		 1615static int set_connectable_update_settings(struct hci_dev *hdev,
1616 struct sock *sk, u8 val)
1617{
1618 bool changed = false;
1619 int err;
1620
1621 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1622 changed = true;
1623
1624 if (val) {
1625 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1626 } else {
1627 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1628 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1629 }
1630
1631 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1632 if (err < 0)
1633 return err;
1634
1635 if (changed)
1636 return new_settings(hdev, sk);
1637
1638 return 0;
1639}
1640
bdb6d971 1641static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1642 u16 len)
9fbcbb45 1643{
650f726d 1644 struct mgmt_mode *cp = data;
366a0336 1645 struct pending_cmd *cmd;
2b76f453 1646 struct hci_request req;
1987fdc7 1647 u8 scan;
9fbcbb45
JH		 1648 int err;
1649
bdb6d971 1650 BT_DBG("request for %s", hdev->name);
9fbcbb45 1651
1987fdc7
JH		 1652 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1653 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1654 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1655 MGMT_STATUS_REJECTED);
33c525c0 1656
a7e80f25
JH		 1657 if (cp->val != 0x00 && cp->val != 0x01)
1658 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1659 MGMT_STATUS_INVALID_PARAMS);
1660
09fd0de5 1661 hci_dev_lock(hdev);
9fbcbb45 1662
4b34ee78 1663 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1664 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1665 goto failed;
1666 }
1667
2e58ef3e 1668 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1669 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1670 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1671 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1672 goto failed;
1673 }
1674
2e58ef3e 1675 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1676 if (!cmd) {
1677 err = -ENOMEM;
9fbcbb45 1678 goto failed;
366a0336 1679 }
9fbcbb45 1680
9b74246f 1681 hci_req_init(&req, hdev);
9fbcbb45 1682
9a43e25f
JH		 1683 /* If BR/EDR is not enabled and we disable advertising as a
1684 * by-product of disabling connectable, we need to update the
1685 * advertising flags.
1686 */
1687 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1688 if (!cp->val) {
1689 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1690 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1691 }
1692 update_adv_data(&req);
1693 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1694 if (cp->val) {
1695 scan = SCAN_PAGE;
1696 } else {
1697 scan = 0;
1698
1699 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1700 hdev->discov_timeout > 0)
9b74246f
JH		 1701 cancel_delayed_work(&hdev->discov_off);
1702 }
2b76f453 1703
9b74246f
JH		 1704 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1705 }
2b76f453 1706
4c01f8b8
JH		 1707 /* If we're going from non-connectable to connectable or
1708 * vice-versa when fast connectable is enabled ensure that fast
1709 * connectable gets disabled. write_fast_connectable won't do
1710 * anything if the page scan parameters are already what they
1711 * should be.
1712 */
1713 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1714 write_fast_connectable(&req, false);
1715
1987fdc7
JH		 1716 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1717 hci_conn_num(hdev, LE_LINK) == 0) {
1718 disable_advertising(&req);
1719 enable_advertising(&req);
1720 }
1721
2b76f453 1722 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1723 if (err < 0) {
a664b5bc 1724 mgmt_pending_remove(cmd);
9b74246f 1725 if (err == -ENODATA)
a81070ba
JH		 1726 err = set_connectable_update_settings(hdev, sk,
1727 cp->val);
9b74246f
JH		 1728 goto failed;
1729 }
9fbcbb45
JH		 1730
1731failed:
09fd0de5 1732 hci_dev_unlock(hdev);
9fbcbb45
JH		 1733 return err;
1734}
1735
bdb6d971 1736static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1737 u16 len)
c542a06c 1738{
650f726d 1739 struct mgmt_mode *cp = data;
55594356 1740 bool changed;
c542a06c
JH		 1741 int err;
1742
bdb6d971 1743 BT_DBG("request for %s", hdev->name);
c542a06c 1744
a7e80f25
JH		 1745 if (cp->val != 0x00 && cp->val != 0x01)
1746 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1747 MGMT_STATUS_INVALID_PARAMS);
1748
09fd0de5 1749 hci_dev_lock(hdev);
c542a06c
JH		 1750
1751 if (cp->val)
55594356 1752 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1753 else
55594356 1754 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1755
69ab39ea 1756 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1757 if (err < 0)
55594356 1758 goto unlock;
c542a06c 1759
55594356
MH		 1760 if (changed)
1761 err = new_settings(hdev, sk);
c542a06c 1762
55594356 1763unlock:
09fd0de5 1764 hci_dev_unlock(hdev);
c542a06c
JH		 1765 return err;
1766}
1767
04124681
GP		 1768static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1769 u16 len)
33ef95ed
JH		 1770{
1771 struct mgmt_mode *cp = data;
1772 struct pending_cmd *cmd;
e6fe7986 1773 u8 val, status;
33ef95ed
JH		 1774 int err;
1775
bdb6d971 1776 BT_DBG("request for %s", hdev->name);
33ef95ed 1777
e6fe7986
JH		 1778 status = mgmt_bredr_support(hdev);
1779 if (status)
33c525c0 1780 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1781 status);
33c525c0 1782
a7e80f25
JH		 1783 if (cp->val != 0x00 && cp->val != 0x01)
1784 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1785 MGMT_STATUS_INVALID_PARAMS);
1786
33ef95ed
JH		 1787 hci_dev_lock(hdev);
1788
4b34ee78 1789 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1790 bool changed = false;
1791
1792 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1793 &hdev->dev_flags)) {
47990ea0
JH		 1794 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1795 changed = true;
1796 }
1797
1798 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1799 if (err < 0)
1800 goto failed;
1801
1802 if (changed)
1803 err = new_settings(hdev, sk);
1804
33ef95ed
JH		 1805 goto failed;
1806 }
1807
1808 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1809 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1810 MGMT_STATUS_BUSY);
33ef95ed
JH		 1811 goto failed;
1812 }
1813
1814 val = !!cp->val;
1815
1816 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1817 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1818 goto failed;
1819 }
1820
1821 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1822 if (!cmd) {
1823 err = -ENOMEM;
1824 goto failed;
1825 }
1826
1827 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1828 if (err < 0) {
1829 mgmt_pending_remove(cmd);
1830 goto failed;
1831 }
1832
1833failed:
1834 hci_dev_unlock(hdev);
33ef95ed
JH		 1835 return err;
1836}
1837
bdb6d971 1838static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1839{
1840 struct mgmt_mode *cp = data;
1841 struct pending_cmd *cmd;
72ef0c1a 1842 u8 status;
ed2c4ee3
JH		 1843 int err;
1844
bdb6d971 1845 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1846
cdba5281
MH		 1847 status = mgmt_bredr_support(hdev);
1848 if (status)
1849 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1850
13ecd8b6
JH		 1851 if (!lmp_ssp_capable(hdev))
1852 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1853 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1854
a7e80f25
JH		 1855 if (cp->val != 0x00 && cp->val != 0x01)
1856 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1857 MGMT_STATUS_INVALID_PARAMS);
1858
13ecd8b6 1859 hci_dev_lock(hdev);
6c8f12c1 1860
4b34ee78 1861 if (!hdev_is_powered(hdev)) {
9ecb3e24 1862 bool changed;
c0ecddc2 1863
9ecb3e24
MH		 1864 if (cp->val) {
1865 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1866 &hdev->dev_flags);
1867 } else {
1868 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1869 &hdev->dev_flags);
1870 if (!changed)
1871 changed = test_and_clear_bit(HCI_HS_ENABLED,
1872 &hdev->dev_flags);
1873 else
1874 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1875 }
1876
1877 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1878 if (err < 0)
1879 goto failed;
1880
1881 if (changed)
1882 err = new_settings(hdev, sk);
1883
ed2c4ee3
JH		 1884 goto failed;
1885 }
1886
9ecb3e24
MH		 1887 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1888 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1889 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1890 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1891 goto failed;
1892 }
1893
72ef0c1a 1894 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1895 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1896 goto failed;
1897 }
1898
1899 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1900 if (!cmd) {
1901 err = -ENOMEM;
1902 goto failed;
1903 }
1904
3769972b
JH		 1905 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
1906 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1907 sizeof(cp->val), &cp->val);
1908
72ef0c1a 1909 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1910 if (err < 0) {
1911 mgmt_pending_remove(cmd);
1912 goto failed;
1913 }
1914
1915failed:
1916 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1917 return err;
1918}
1919
bdb6d971 1920static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1921{
1922 struct mgmt_mode *cp = data;
ee392693 1923 bool changed;
e6fe7986 1924 u8 status;
ee392693 1925 int err;
6d80dfd0 1926
bdb6d971 1927 BT_DBG("request for %s", hdev->name);
6d80dfd0 1928
e6fe7986
JH		 1929 status = mgmt_bredr_support(hdev);
1930 if (status)
1931 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1932
9ecb3e24
MH		 1933 if (!lmp_ssp_capable(hdev))
1934 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1935 MGMT_STATUS_NOT_SUPPORTED);
1936
1937 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1938 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1939 MGMT_STATUS_REJECTED);
1940
a7e80f25
JH		 1941 if (cp->val != 0x00 && cp->val != 0x01)
1942 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1943 MGMT_STATUS_INVALID_PARAMS);
1944
ee392693
MH		 1945 hci_dev_lock(hdev);
1946
a0cdf960 1947 if (cp->val) {
ee392693 1948 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1949 } else {
1950 if (hdev_is_powered(hdev)) {
1951 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1952 MGMT_STATUS_REJECTED);
1953 goto unlock;
1954 }
1955
ee392693 1956 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1957 }
ee392693
MH		 1958
1959 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1960 if (err < 0)
1961 goto unlock;
1962
1963 if (changed)
1964 err = new_settings(hdev, sk);
6d80dfd0 1965
ee392693
MH		 1966unlock:
1967 hci_dev_unlock(hdev);
1968 return err;
6d80dfd0
JH		 1969}
1970
416a4ae5
JH		 1971static void le_enable_complete(struct hci_dev *hdev, u8 status)
1972{
1973 struct cmd_lookup match = { NULL, hdev };
1974
1975 if (status) {
1976 u8 mgmt_err = mgmt_status(status);
1977
1978 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1979 &mgmt_err);
1980 return;
1981 }
1982
1983 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1984
1985 new_settings(hdev, match.sk);
1986
1987 if (match.sk)
1988 sock_put(match.sk);
441ad2d0
MH		 1989
1990 /* Make sure the controller has a good default for
1991 * advertising data. Restrict the update to when LE
1992 * has actually been enabled. During power on, the
1993 * update in powered_update_hci will take care of it.
1994 */
1995 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1996 struct hci_request req;
1997
1998 hci_dev_lock(hdev);
1999
2000 hci_req_init(&req, hdev);
5947f4bc 2001 update_adv_data(&req);
f14d8f64 2002 update_scan_rsp_data(&req);
441ad2d0
MH		 2003 hci_req_run(&req, NULL);
2004
2005 hci_dev_unlock(hdev);
2006 }
416a4ae5
JH		 2007}
2008
bdb6d971 2009static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2010{
2011 struct mgmt_mode *cp = data;
2012 struct hci_cp_write_le_host_supported hci_cp;
2013 struct pending_cmd *cmd;
416a4ae5 2014 struct hci_request req;
06199cf8 2015 int err;
0b60eba1 2016 u8 val, enabled;
06199cf8 2017
bdb6d971 2018 BT_DBG("request for %s", hdev->name);
06199cf8 2019
13ecd8b6
JH		 2020 if (!lmp_le_capable(hdev))
2021 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2022 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2023
a7e80f25
JH		 2024 if (cp->val != 0x00 && cp->val != 0x01)
2025 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2026 MGMT_STATUS_INVALID_PARAMS);
2027
c73eee91 2028 /* LE-only devices do not allow toggling LE on/off */
56f87901 2029 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2030 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2031 MGMT_STATUS_REJECTED);
2032
13ecd8b6 2033 hci_dev_lock(hdev);
06199cf8
JH		 2034
2035 val = !!cp->val;
ffa88e02 2036 enabled = lmp_host_le_capable(hdev);
06199cf8 2037
0b60eba1 2038 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2039 bool changed = false;
2040
2041 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2042 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2043 changed = true;
2044 }
2045
f3d3444a
JH		 2046 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2047 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2048 changed = true;
2049 }
2050
06199cf8
JH		 2051 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2052 if (err < 0)
1de028ce 2053 goto unlock;
06199cf8
JH		 2054
2055 if (changed)
2056 err = new_settings(hdev, sk);
2057
1de028ce 2058 goto unlock;
06199cf8
JH		 2059 }
2060
4375f103
JH		 2061 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2062 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2063 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2064 MGMT_STATUS_BUSY);
1de028ce 2065 goto unlock;
06199cf8
JH		 2066 }
2067
2068 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2069 if (!cmd) {
2070 err = -ENOMEM;
1de028ce 2071 goto unlock;
06199cf8
JH		 2072 }
2073
441ad2d0
MH		 2074 hci_req_init(&req, hdev);
2075
06199cf8
JH		 2076 memset(&hci_cp, 0, sizeof(hci_cp));
2077
2078 if (val) {
2079 hci_cp.le = val;
ffa88e02 2080 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2081 } else {
2082 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2083 disable_advertising(&req);
06199cf8
JH		 2084 }
2085
416a4ae5
JH		 2086 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2087 &hci_cp);
2088
2089 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2090 if (err < 0)
06199cf8 2091 mgmt_pending_remove(cmd);
06199cf8 2092
1de028ce
JH		 2093unlock:
2094 hci_dev_unlock(hdev);
06199cf8
JH		 2095 return err;
2096}
2097
0cab9c80
JH		 2098/* This is a helper function to test for pending mgmt commands that can
2099 * cause CoD or EIR HCI commands. We can only allow one such pending
2100 * mgmt command at a time since otherwise we cannot easily track what
2101 * the current values are, will be, and based on that calculate if a new
2102 * HCI command needs to be sent and if yes with what value.
2103 */
2104static bool pending_eir_or_class(struct hci_dev *hdev)
2105{
2106 struct pending_cmd *cmd;
2107
2108 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2109 switch (cmd->opcode) {
2110 case MGMT_OP_ADD_UUID:
2111 case MGMT_OP_REMOVE_UUID:
2112 case MGMT_OP_SET_DEV_CLASS:
2113 case MGMT_OP_SET_POWERED:
2114 return true;
2115 }
2116 }
2117
2118 return false;
2119}
2120
83be8eca
JH		 2121static const u8 bluetooth_base_uuid[] = {
2122 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2123 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2124};
2125
2126static u8 get_uuid_size(const u8 *uuid)
2127{
2128 u32 val;
2129
2130 if (memcmp(uuid, bluetooth_base_uuid, 12))
2131 return 128;
2132
2133 val = get_unaligned_le32(&uuid[12]);
2134 if (val > 0xffff)
2135 return 32;
2136
2137 return 16;
2138}
2139
92da6097
JH		 2140static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2141{
2142 struct pending_cmd *cmd;
2143
2144 hci_dev_lock(hdev);
2145
2146 cmd = mgmt_pending_find(mgmt_op, hdev);
2147 if (!cmd)
2148 goto unlock;
2149
2150 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2151 hdev->dev_class, 3);
2152
2153 mgmt_pending_remove(cmd);
2154
2155unlock:
2156 hci_dev_unlock(hdev);
2157}
2158
2159static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2160{
2161 BT_DBG("status 0x%02x", status);
2162
2163 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2164}
2165
bdb6d971 2166static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2167{
650f726d 2168 struct mgmt_cp_add_uuid *cp = data;
90e70454 2169 struct pending_cmd *cmd;
890ea898 2170 struct hci_request req;
2aeb9a1a 2171 struct bt_uuid *uuid;
2aeb9a1a
JH		 2172 int err;
2173
bdb6d971 2174 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2175
09fd0de5 2176 hci_dev_lock(hdev);
2aeb9a1a 2177
0cab9c80 2178 if (pending_eir_or_class(hdev)) {
bdb6d971 2179 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2180 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2181 goto failed;
2182 }
2183
92c4c204 2184 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2185 if (!uuid) {
2186 err = -ENOMEM;
2187 goto failed;
2188 }
2189
2190 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2191 uuid->svc_hint = cp->svc_hint;
83be8eca 2192 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2193
de66aa63 2194 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2195
890ea898 2196 hci_req_init(&req, hdev);
1aff6f09 2197
890ea898
JH		 2198 update_class(&req);
2199 update_eir(&req);
2200
92da6097
JH		 2201 err = hci_req_run(&req, add_uuid_complete);
2202 if (err < 0) {
2203 if (err != -ENODATA)
2204 goto failed;
80a1e1db 2205
bdb6d971 2206 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2207 hdev->dev_class, 3);
90e70454
JH		 2208 goto failed;
2209 }
2210
2211 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2212 if (!cmd) {
90e70454 2213 err = -ENOMEM;
890ea898
JH		 2214 goto failed;
2215 }
2216
2217 err = 0;
2aeb9a1a
JH		 2218
2219failed:
09fd0de5 2220 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2221 return err;
2222}
2223
24b78d0f
JH		 2224static bool enable_service_cache(struct hci_dev *hdev)
2225{
2226 if (!hdev_is_powered(hdev))
2227 return false;
2228
2229 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2230 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2231 CACHE_TIMEOUT);
24b78d0f
JH		 2232 return true;
2233 }
2234
2235 return false;
2236}
2237
92da6097
JH		 2238static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2239{
2240 BT_DBG("status 0x%02x", status);
2241
2242 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2243}
2244
bdb6d971 2245static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2246 u16 len)
2aeb9a1a 2247{
650f726d 2248 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2249 struct pending_cmd *cmd;
056341c8 2250 struct bt_uuid *match, *tmp;
2aeb9a1a 2251 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2252 struct hci_request req;
2aeb9a1a
JH		 2253 int err, found;
2254
bdb6d971 2255 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2256
09fd0de5 2257 hci_dev_lock(hdev);
2aeb9a1a 2258
0cab9c80 2259 if (pending_eir_or_class(hdev)) {
bdb6d971 2260 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2261 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2262 goto unlock;
2263 }
2264
2aeb9a1a 2265 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2266 hci_uuids_clear(hdev);
4004b6d9 2267
24b78d0f 2268 if (enable_service_cache(hdev)) {
bdb6d971 2269 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2270 0, hdev->dev_class, 3);
24b78d0f
JH		 2271 goto unlock;
2272 }
4004b6d9 2273
9246a869 2274 goto update_class;
2aeb9a1a
JH		 2275 }
2276
2277 found = 0;
2278
056341c8 2279 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2280 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2281 continue;
2282
2283 list_del(&match->list);
482049f7 2284 kfree(match);
2aeb9a1a
JH		 2285 found++;
2286 }
2287
2288 if (found == 0) {
bdb6d971 2289 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2290 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2291 goto unlock;
2292 }
2293
9246a869 2294update_class:
890ea898 2295 hci_req_init(&req, hdev);
1aff6f09 2296
890ea898
JH		 2297 update_class(&req);
2298 update_eir(&req);
2299
92da6097
JH		 2300 err = hci_req_run(&req, remove_uuid_complete);
2301 if (err < 0) {
2302 if (err != -ENODATA)
2303 goto unlock;
80a1e1db 2304
bdb6d971 2305 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2306 hdev->dev_class, 3);
90e70454
JH		 2307 goto unlock;
2308 }
2309
2310 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2311 if (!cmd) {
90e70454 2312 err = -ENOMEM;
890ea898
JH		 2313 goto unlock;
2314 }
2315
2316 err = 0;
2aeb9a1a
JH		 2317
2318unlock:
09fd0de5 2319 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2320 return err;
2321}
2322
92da6097
JH		 2323static void set_class_complete(struct hci_dev *hdev, u8 status)
2324{
2325 BT_DBG("status 0x%02x", status);
2326
2327 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2328}
2329
bdb6d971 2330static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2331 u16 len)
1aff6f09 2332{
650f726d 2333 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2334 struct pending_cmd *cmd;
890ea898 2335 struct hci_request req;
1aff6f09
JH		 2336 int err;
2337
bdb6d971 2338 BT_DBG("request for %s", hdev->name);
1aff6f09 2339
6203fc98 2340 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2341 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2342 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2343
0cab9c80 2344 hci_dev_lock(hdev);
ee98f473 2345
0cab9c80
JH		 2346 if (pending_eir_or_class(hdev)) {
2347 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2348 MGMT_STATUS_BUSY);
2349 goto unlock;
2350 }
c95f0ba7 2351
0cab9c80
JH		 2352 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2353 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2354 MGMT_STATUS_INVALID_PARAMS);
2355 goto unlock;
2356 }
575b3a02 2357
932f5ff5
JH		 2358 hdev->major_class = cp->major;
2359 hdev->minor_class = cp->minor;
2360
b5235a65 2361 if (!hdev_is_powered(hdev)) {
bdb6d971 2362 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2363 hdev->dev_class, 3);
b5235a65
JH		 2364 goto unlock;
2365 }
2366
890ea898
JH		 2367 hci_req_init(&req, hdev);
2368
a8b2d5c2 2369 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2370 hci_dev_unlock(hdev);
2371 cancel_delayed_work_sync(&hdev->service_cache);
2372 hci_dev_lock(hdev);
890ea898 2373 update_eir(&req);
7d78525d 2374 }
14c0b608 2375
890ea898
JH		 2376 update_class(&req);
2377
92da6097
JH		 2378 err = hci_req_run(&req, set_class_complete);
2379 if (err < 0) {
2380 if (err != -ENODATA)
2381 goto unlock;
1aff6f09 2382
bdb6d971 2383 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2384 hdev->dev_class, 3);
90e70454
JH		 2385 goto unlock;
2386 }
2387
2388 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2389 if (!cmd) {
90e70454 2390 err = -ENOMEM;
890ea898
JH		 2391 goto unlock;
2392 }
2393
2394 err = 0;
1aff6f09 2395
b5235a65 2396unlock:
09fd0de5 2397 hci_dev_unlock(hdev);
1aff6f09
JH		 2398 return err;
2399}
2400
bdb6d971 2401static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2402 u16 len)
55ed8ca1 2403{
650f726d 2404 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2405 u16 key_count, expected_len;
b1de97d8 2406 bool changed;
a492cd52 2407 int i;
55ed8ca1 2408
9060d5cf
MH		 2409 BT_DBG("request for %s", hdev->name);
2410
2411 if (!lmp_bredr_capable(hdev))
2412 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2413 MGMT_STATUS_NOT_SUPPORTED);
2414
1f350c87 2415 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2416
86742e1e
JH		 2417 expected_len = sizeof(*cp) + key_count *
2418 sizeof(struct mgmt_link_key_info);
a492cd52 2419 if (expected_len != len) {
86742e1e 2420 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2421 expected_len, len);
bdb6d971 2422 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2423 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2424 }
2425
4ae14301
JH		 2426 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2427 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2428 MGMT_STATUS_INVALID_PARAMS);
2429
bdb6d971 2430 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2431 key_count);
55ed8ca1 2432
4ee71b20
JH		 2433 for (i = 0; i < key_count; i++) {
2434 struct mgmt_link_key_info *key = &cp->keys[i];
2435
8e991132 2436 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2437 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2438 MGMT_STATUS_INVALID_PARAMS);
2439 }
2440
09fd0de5 2441 hci_dev_lock(hdev);
55ed8ca1
JH		 2442
2443 hci_link_keys_clear(hdev);
2444
55ed8ca1 2445 if (cp->debug_keys)
0663b297
JH		 2446 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2447 &hdev->dev_flags);
55ed8ca1 2448 else
0663b297
JH		 2449 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2450 &hdev->dev_flags);
b1de97d8
MH		 2451
2452 if (changed)
2453 new_settings(hdev, NULL);
55ed8ca1 2454
a492cd52 2455 for (i = 0; i < key_count; i++) {
86742e1e 2456 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2457
58e9293c
JH		 2458 /* Always ignore debug keys and require a new pairing if
2459 * the user wants to use them.
2460 */
2461 if (key->type == HCI_LK_DEBUG_COMBINATION)
2462 continue;
2463
7652ff6a
JH		 2464 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2465 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2466 }
2467
bdb6d971 2468 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2469
09fd0de5 2470 hci_dev_unlock(hdev);
55ed8ca1 2471
a492cd52 2472 return 0;
55ed8ca1
JH		 2473}
2474
b1078ad0 2475static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2476 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2477{
2478 struct mgmt_ev_device_unpaired ev;
2479
2480 bacpy(&ev.addr.bdaddr, bdaddr);
2481 ev.addr.type = addr_type;
2482
2483 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2484 skip_sk);
b1078ad0
JH		 2485}
2486
bdb6d971 2487static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2488 u16 len)
55ed8ca1 2489{
124f6e35
JH		 2490 struct mgmt_cp_unpair_device *cp = data;
2491 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2492 struct hci_cp_disconnect dc;
2493 struct pending_cmd *cmd;
55ed8ca1 2494 struct hci_conn *conn;
55ed8ca1
JH		 2495 int err;
2496
a8a1d19e 2497 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2498 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2499 rp.addr.type = cp->addr.type;
a8a1d19e 2500
4ee71b20
JH		 2501 if (!bdaddr_type_is_valid(cp->addr.type))
2502 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2503 MGMT_STATUS_INVALID_PARAMS,
2504 &rp, sizeof(rp));
2505
118da70b
JH		 2506 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2507 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2508 MGMT_STATUS_INVALID_PARAMS,
2509 &rp, sizeof(rp));
2510
4ee71b20
JH		 2511 hci_dev_lock(hdev);
2512
86a8cfc6 2513 if (!hdev_is_powered(hdev)) {
bdb6d971 2514 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2515 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2516 goto unlock;
2517 }
2518
e0b2b27e 2519 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2520 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2521 } else {
2522 u8 addr_type;
2523
2524 if (cp->addr.type == BDADDR_LE_PUBLIC)
2525 addr_type = ADDR_LE_DEV_PUBLIC;
2526 else
2527 addr_type = ADDR_LE_DEV_RANDOM;
2528
a7ec7338
JH		 2529 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2530
a9b0a04c
AG		 2531 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2532
e0b2b27e
JH		 2533 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2534 }
b0dbfb46 2535
55ed8ca1 2536 if (err < 0) {
bdb6d971 2537 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2538 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2539 goto unlock;
2540 }
2541
86a8cfc6 2542 if (cp->disconnect) {
591f47f3 2543 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2544 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2545 &cp->addr.bdaddr);
86a8cfc6
JH		 2546 else
2547 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2548 &cp->addr.bdaddr);
86a8cfc6
JH		 2549 } else {
2550 conn = NULL;
2551 }
124f6e35 2552
a8a1d19e 2553 if (!conn) {
bdb6d971 2554 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2555 &rp, sizeof(rp));
b1078ad0 2556 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2557 goto unlock;
2558 }
55ed8ca1 2559
124f6e35 2560 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2561 sizeof(*cp));
a8a1d19e
JH		 2562 if (!cmd) {
2563 err = -ENOMEM;
2564 goto unlock;
55ed8ca1
JH		 2565 }
2566
eb55ef07 2567 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2568 dc.reason = 0x13; /* Remote User Terminated Connection */
2569 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2570 if (err < 0)
2571 mgmt_pending_remove(cmd);
2572
55ed8ca1 2573unlock:
09fd0de5 2574 hci_dev_unlock(hdev);
55ed8ca1
JH		 2575 return err;
2576}
2577
bdb6d971 2578static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2579 u16 len)
8962ee74 2580{
650f726d 2581 struct mgmt_cp_disconnect *cp = data;
06a63b19 2582 struct mgmt_rp_disconnect rp;
8962ee74 2583 struct hci_cp_disconnect dc;
366a0336 2584 struct pending_cmd *cmd;
8962ee74 2585 struct hci_conn *conn;
8962ee74
JH		 2586 int err;
2587
2588 BT_DBG("");
2589
06a63b19
JH		 2590 memset(&rp, 0, sizeof(rp));
2591 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2592 rp.addr.type = cp->addr.type;
2593
4ee71b20 2594 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2595 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2596 MGMT_STATUS_INVALID_PARAMS,
2597 &rp, sizeof(rp));
4ee71b20 2598
09fd0de5 2599 hci_dev_lock(hdev);
8962ee74
JH		 2600
2601 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2602 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2603 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2604 goto failed;
2605 }
2606
2e58ef3e 2607 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2608 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2609 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2610 goto failed;
2611 }
2612
591f47f3 2613 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2614 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2615 &cp->addr.bdaddr);
88c3df13
JH		 2616 else
2617 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2618
f960727e 2619 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2620 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2621 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2622 goto failed;
2623 }
2624
2e58ef3e 2625 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2626 if (!cmd) {
2627 err = -ENOMEM;
8962ee74 2628 goto failed;
366a0336 2629 }
8962ee74 2630
eb55ef07 2631 dc.handle = cpu_to_le16(conn->handle);
3701f944 2632 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2633
2634 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2635 if (err < 0)
a664b5bc 2636 mgmt_pending_remove(cmd);
8962ee74
JH		 2637
2638failed:
09fd0de5 2639 hci_dev_unlock(hdev);
8962ee74
JH		 2640 return err;
2641}
2642
57c1477c 2643static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2644{
2645 switch (link_type) {
2646 case LE_LINK:
48264f06
JH		 2647 switch (addr_type) {
2648 case ADDR_LE_DEV_PUBLIC:
591f47f3 2649 return BDADDR_LE_PUBLIC;
0ed09148 2650
48264f06 2651 default:
0ed09148 2652 /* Fallback to LE Random address type */
591f47f3 2653 return BDADDR_LE_RANDOM;
48264f06 2654 }
0ed09148 2655
4c659c39 2656 default:
0ed09148 2657 /* Fallback to BR/EDR type */
591f47f3 2658 return BDADDR_BREDR;
4c659c39
JH		 2659 }
2660}
2661
04124681
GP		 2662static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2663 u16 data_len)
2784eb41 2664{
2784eb41 2665 struct mgmt_rp_get_connections *rp;
8035ded4 2666 struct hci_conn *c;
a38528f1 2667 size_t rp_len;
60fc5fb6
JH		 2668 int err;
2669 u16 i;
2784eb41
JH		 2670
2671 BT_DBG("");
2672
09fd0de5 2673 hci_dev_lock(hdev);
2784eb41 2674
5f97c1df 2675 if (!hdev_is_powered(hdev)) {
bdb6d971 2676 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2677 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2678 goto unlock;
2679 }
2680
60fc5fb6 2681 i = 0;
b644ba33
JH		 2682 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2683 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2684 i++;
2784eb41
JH		 2685 }
2686
60fc5fb6 2687 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2688 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2689 if (!rp) {
2784eb41
JH		 2690 err = -ENOMEM;
2691 goto unlock;
2692 }
2693
2784eb41 2694 i = 0;
4c659c39 2695 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2696 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2697 continue;
4c659c39 2698 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2699 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2700 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2701 continue;
2702 i++;
2703 }
2704
eb55ef07 2705 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2706
4c659c39
JH		 2707 /* Recalculate length in case of filtered SCO connections, etc */
2708 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2709
bdb6d971 2710 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2711 rp_len);
2784eb41 2712
a38528f1 2713 kfree(rp);
5f97c1df
JH		 2714
2715unlock:
09fd0de5 2716 hci_dev_unlock(hdev);
2784eb41
JH		 2717 return err;
2718}
2719
bdb6d971 2720static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2721 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2722{
2723 struct pending_cmd *cmd;
2724 int err;
2725
2e58ef3e 2726 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2727 sizeof(*cp));
96d97a67
WR		 2728 if (!cmd)
2729 return -ENOMEM;
2730
d8457698 2731 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2732 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2733 if (err < 0)
2734 mgmt_pending_remove(cmd);
2735
2736 return err;
2737}
2738
bdb6d971 2739static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2740 u16 len)
980e1a53 2741{
96d97a67 2742 struct hci_conn *conn;
650f726d 2743 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2744 struct hci_cp_pin_code_reply reply;
366a0336 2745 struct pending_cmd *cmd;
980e1a53
JH		 2746 int err;
2747
2748 BT_DBG("");
2749
09fd0de5 2750 hci_dev_lock(hdev);
980e1a53 2751
4b34ee78 2752 if (!hdev_is_powered(hdev)) {
bdb6d971 2753 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2754 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2755 goto failed;
2756 }
2757
d8457698 2758 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2759 if (!conn) {
bdb6d971 2760 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2761 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2762 goto failed;
2763 }
2764
2765 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2766 struct mgmt_cp_pin_code_neg_reply ncp;
2767
2768 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2769
2770 BT_ERR("PIN code is not 16 bytes long");
2771
bdb6d971 2772 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2773 if (err >= 0)
bdb6d971 2774 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2775 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2776
2777 goto failed;
2778 }
2779
00abfe44 2780 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2781 if (!cmd) {
2782 err = -ENOMEM;
980e1a53 2783 goto failed;
366a0336 2784 }
980e1a53 2785
d8457698 2786 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2787 reply.pin_len = cp->pin_len;
24718ca5 2788 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2789
2790 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2791 if (err < 0)
a664b5bc 2792 mgmt_pending_remove(cmd);
980e1a53
JH		 2793
2794failed:
09fd0de5 2795 hci_dev_unlock(hdev);
980e1a53
JH		 2796 return err;
2797}
2798
04124681
GP		 2799static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2800 u16 len)
17fa4b9d 2801{
650f726d 2802 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2803
2804 BT_DBG("");
2805
4ec86d4c
JH		 2806 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2807 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2808 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2809
09fd0de5 2810 hci_dev_lock(hdev);
17fa4b9d
JH		 2811
2812 hdev->io_capability = cp->io_capability;
2813
2814 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2815 hdev->io_capability);
17fa4b9d 2816
09fd0de5 2817 hci_dev_unlock(hdev);
17fa4b9d 2818
04124681
GP		 2819 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2820 0);
17fa4b9d
JH		 2821}
2822
6039aa73 2823static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2824{
2825 struct hci_dev *hdev = conn->hdev;
8035ded4 2826 struct pending_cmd *cmd;
e9a416b5 2827
2e58ef3e 2828 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2829 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2830 continue;
2831
e9a416b5
JH		 2832 if (cmd->user_data != conn)
2833 continue;
2834
2835 return cmd;
2836 }
2837
2838 return NULL;
2839}
2840
2841static void pairing_complete(struct pending_cmd *cmd, u8 status)
2842{
2843 struct mgmt_rp_pair_device rp;
2844 struct hci_conn *conn = cmd->user_data;
2845
61b1a7fb
JH		 2846 bacpy(&rp.addr.bdaddr, &conn->dst);
2847 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2848
aee9b218 2849 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2850 &rp, sizeof(rp));
e9a416b5
JH		 2851
2852 /* So we don't get further callbacks for this connection */
2853 conn->connect_cfm_cb = NULL;
2854 conn->security_cfm_cb = NULL;
2855 conn->disconn_cfm_cb = NULL;
2856
76a68ba0 2857 hci_conn_drop(conn);
e9a416b5 2858
a664b5bc 2859 mgmt_pending_remove(cmd);
e9a416b5
JH		 2860}
2861
f4a407be
JH		 2862void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2863{
2864 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2865 struct pending_cmd *cmd;
2866
2867 cmd = find_pairing(conn);
2868 if (cmd)
2869 pairing_complete(cmd, status);
2870}
2871
e9a416b5
JH		 2872static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2873{
2874 struct pending_cmd *cmd;
2875
2876 BT_DBG("status %u", status);
2877
2878 cmd = find_pairing(conn);
56e5cb86 2879 if (!cmd)
e9a416b5 2880 BT_DBG("Unable to find a pending command");
56e5cb86 2881 else
e211326c 2882 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2883}
2884
f4a407be 2885static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2886{
2887 struct pending_cmd *cmd;
2888
2889 BT_DBG("status %u", status);
2890
2891 if (!status)
2892 return;
2893
2894 cmd = find_pairing(conn);
2895 if (!cmd)
2896 BT_DBG("Unable to find a pending command");
2897 else
2898 pairing_complete(cmd, mgmt_status(status));
2899}
2900
bdb6d971 2901static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2902 u16 len)
e9a416b5 2903{
650f726d 2904 struct mgmt_cp_pair_device *cp = data;
1425acb7 2905 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2906 struct pending_cmd *cmd;
2907 u8 sec_level, auth_type;
2908 struct hci_conn *conn;
e9a416b5
JH		 2909 int err;
2910
2911 BT_DBG("");
2912
f950a30e
SJ		 2913 memset(&rp, 0, sizeof(rp));
2914 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2915 rp.addr.type = cp->addr.type;
2916
4ee71b20
JH		 2917 if (!bdaddr_type_is_valid(cp->addr.type))
2918 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2919 MGMT_STATUS_INVALID_PARAMS,
2920 &rp, sizeof(rp));
2921
4ec86d4c
JH		 2922 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2923 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2924 MGMT_STATUS_INVALID_PARAMS,
2925 &rp, sizeof(rp));
2926
09fd0de5 2927 hci_dev_lock(hdev);
e9a416b5 2928
5f97c1df 2929 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2930 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2931 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2932 goto unlock;
2933 }
2934
c908df36 2935 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2936 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2937
6f77d8c7 2938 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2939 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2940 auth_type);
6f77d8c7
AG		 2941 } else {
2942 u8 addr_type;
2943
2944 /* Convert from L2CAP channel address type to HCI address type
2945 */
2946 if (cp->addr.type == BDADDR_LE_PUBLIC)
2947 addr_type = ADDR_LE_DEV_PUBLIC;
2948 else
2949 addr_type = ADDR_LE_DEV_RANDOM;
2950
7c264b10
MH		 2951 /* When pairing a new device, it is expected to remember
2952 * this device for future connections. Adding the connection
2953 * parameter information ahead of time allows tracking
2954 * of the slave preferred values and will speed up any
2955 * further connection establishment.
2956 *
2957 * If connection parameters already exist, then they
2958 * will be kept and this function does nothing.
2959 */
2960 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2961
6f77d8c7 2962 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2963 sec_level, auth_type);
6f77d8c7 2964 }
7a512d01 2965
30e76272 2966 if (IS_ERR(conn)) {
489dc48e
AK		 2967 int status;
2968
2969 if (PTR_ERR(conn) == -EBUSY)
2970 status = MGMT_STATUS_BUSY;
2971 else
2972 status = MGMT_STATUS_CONNECT_FAILED;
2973
bdb6d971 2974 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2975 status, &rp,
04124681 2976 sizeof(rp));
e9a416b5
JH		 2977 goto unlock;
2978 }
2979
2980 if (conn->connect_cfm_cb) {
76a68ba0 2981 hci_conn_drop(conn);
bdb6d971 2982 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2983 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2984 goto unlock;
2985 }
2986
2e58ef3e 2987 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2988 if (!cmd) {
2989 err = -ENOMEM;
76a68ba0 2990 hci_conn_drop(conn);
e9a416b5
JH		 2991 goto unlock;
2992 }
2993
7a512d01 2994 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2995 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2996 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2997 conn->security_cfm_cb = pairing_complete_cb;
2998 conn->disconn_cfm_cb = pairing_complete_cb;
2999 } else {
3000 conn->connect_cfm_cb = le_pairing_complete_cb;
3001 conn->security_cfm_cb = le_pairing_complete_cb;
3002 conn->disconn_cfm_cb = le_pairing_complete_cb;
3003 }
7a512d01 3004
e9a416b5
JH		 3005 conn->io_capability = cp->io_cap;
3006 cmd->user_data = conn;
3007
3008 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3009 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3010 pairing_complete(cmd, 0);
3011
3012 err = 0;
3013
3014unlock:
09fd0de5 3015 hci_dev_unlock(hdev);
e9a416b5
JH		 3016 return err;
3017}
3018
04124681
GP		 3019static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3020 u16 len)
28424707 3021{
0f4e68cf 3022 struct mgmt_addr_info *addr = data;
28424707
JH		 3023 struct pending_cmd *cmd;
3024 struct hci_conn *conn;
3025 int err;
3026
3027 BT_DBG("");
3028
28424707
JH		 3029 hci_dev_lock(hdev);
3030
5f97c1df 3031 if (!hdev_is_powered(hdev)) {
bdb6d971 3032 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3033 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3034 goto unlock;
3035 }
3036
28424707
JH		 3037 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3038 if (!cmd) {
bdb6d971 3039 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3040 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3041 goto unlock;
3042 }
3043
3044 conn = cmd->user_data;
3045
3046 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3047 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3048 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3049 goto unlock;
3050 }
3051
3052 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3053
bdb6d971 3054 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3055 addr, sizeof(*addr));
28424707
JH		 3056unlock:
3057 hci_dev_unlock(hdev);
28424707
JH		 3058 return err;
3059}
3060
bdb6d971 3061static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3062 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3063 u16 hci_op, __le32 passkey)
a5c29683 3064{
a5c29683 3065 struct pending_cmd *cmd;
0df4c185 3066 struct hci_conn *conn;
a5c29683
JH		 3067 int err;
3068
09fd0de5 3069 hci_dev_lock(hdev);
08ba5382 3070
4b34ee78 3071 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3072 err = cmd_complete(sk, hdev->id, mgmt_op,
3073 MGMT_STATUS_NOT_POWERED, addr,
3074 sizeof(*addr));
0df4c185 3075 goto done;
a5c29683
JH		 3076 }
3077
1707c60e
JH		 3078 if (addr->type == BDADDR_BREDR)
3079 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3080 else
1707c60e 3081 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3082
3083 if (!conn) {
feb94d3d
JH		 3084 err = cmd_complete(sk, hdev->id, mgmt_op,
3085 MGMT_STATUS_NOT_CONNECTED, addr,
3086 sizeof(*addr));
272d90df
JH		 3087 goto done;
3088 }
47c15e2b 3089
1707c60e 3090 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3091 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3092 if (!err)
feb94d3d
JH		 3093 err = cmd_complete(sk, hdev->id, mgmt_op,
3094 MGMT_STATUS_SUCCESS, addr,
3095 sizeof(*addr));
5fe57d9e 3096 else
feb94d3d
JH		 3097 err = cmd_complete(sk, hdev->id, mgmt_op,
3098 MGMT_STATUS_FAILED, addr,
3099 sizeof(*addr));
47c15e2b 3100
47c15e2b
BG		 3101 goto done;
3102 }
3103
1707c60e 3104 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3105 if (!cmd) {
3106 err = -ENOMEM;
0df4c185 3107 goto done;
a5c29683
JH		 3108 }
3109
0df4c185 3110 /* Continue with pairing via HCI */
604086b7
BG		 3111 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3112 struct hci_cp_user_passkey_reply cp;
3113
1707c60e 3114 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3115 cp.passkey = passkey;
3116 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3117 } else
1707c60e
JH		 3118 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3119 &addr->bdaddr);
604086b7 3120
a664b5bc
JH		 3121 if (err < 0)
3122 mgmt_pending_remove(cmd);
a5c29683 3123
0df4c185 3124done:
09fd0de5 3125 hci_dev_unlock(hdev);
a5c29683
JH		 3126 return err;
3127}
3128
afeb019d
JK		 3129static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3130 void *data, u16 len)
3131{
3132 struct mgmt_cp_pin_code_neg_reply *cp = data;
3133
3134 BT_DBG("");
3135
1707c60e 3136 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3137 MGMT_OP_PIN_CODE_NEG_REPLY,
3138 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3139}
3140
04124681
GP		 3141static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3142 u16 len)
0df4c185 3143{
650f726d 3144 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3145
3146 BT_DBG("");
3147
3148 if (len != sizeof(*cp))
bdb6d971 3149 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3150 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3151
1707c60e 3152 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3153 MGMT_OP_USER_CONFIRM_REPLY,
3154 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3155}
3156
bdb6d971 3157static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3158 void *data, u16 len)
0df4c185 3159{
c9c2659f 3160 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3161
3162 BT_DBG("");
3163
1707c60e 3164 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3165 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3166 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3167}
3168
04124681
GP		 3169static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3170 u16 len)
604086b7 3171{
650f726d 3172 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3173
3174 BT_DBG("");
3175
1707c60e 3176 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3177 MGMT_OP_USER_PASSKEY_REPLY,
3178 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3179}
3180
bdb6d971 3181static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3182 void *data, u16 len)
604086b7 3183{
650f726d 3184 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3185
3186 BT_DBG("");
3187
1707c60e 3188 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3189 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3190 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3191}
3192
13928971 3193static void update_name(struct hci_request *req)
2b4bf397 3194{
13928971 3195 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3196 struct hci_cp_write_local_name cp;
3197
13928971 3198 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3199
890ea898 3200 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3201}
3202
13928971
JH		 3203static void set_name_complete(struct hci_dev *hdev, u8 status)
3204{
3205 struct mgmt_cp_set_local_name *cp;
3206 struct pending_cmd *cmd;
3207
3208 BT_DBG("status 0x%02x", status);
3209
3210 hci_dev_lock(hdev);
3211
3212 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3213 if (!cmd)
3214 goto unlock;
3215
3216 cp = cmd->param;
3217
3218 if (status)
3219 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3220 mgmt_status(status));
3221 else
3222 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3223 cp, sizeof(*cp));
3224
3225 mgmt_pending_remove(cmd);
3226
3227unlock:
3228 hci_dev_unlock(hdev);
3229}
3230
bdb6d971 3231static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3232 u16 len)
b312b161 3233{
2b4bf397 3234 struct mgmt_cp_set_local_name *cp = data;
b312b161 3235 struct pending_cmd *cmd;
890ea898 3236 struct hci_request req;
b312b161
JH		 3237 int err;
3238
3239 BT_DBG("");
3240
09fd0de5 3241 hci_dev_lock(hdev);
b312b161 3242
b3f2ca94
JH		 3243 /* If the old values are the same as the new ones just return a
3244 * direct command complete event.
3245 */
3246 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3247 !memcmp(hdev->short_name, cp->short_name,
3248 sizeof(hdev->short_name))) {
3249 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3250 data, len);
3251 goto failed;
3252 }
3253
2b4bf397 3254 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3255
b5235a65 3256 if (!hdev_is_powered(hdev)) {
2b4bf397 3257 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3258
3259 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3260 data, len);
28cc7bde
JH		 3261 if (err < 0)
3262 goto failed;
3263
3264 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3265 sk);
28cc7bde 3266
b5235a65
JH		 3267 goto failed;
3268 }
3269
28cc7bde 3270 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3271 if (!cmd) {
3272 err = -ENOMEM;
3273 goto failed;
3274 }
3275
13928971
JH		 3276 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3277
890ea898 3278 hci_req_init(&req, hdev);
3f985050
JH		 3279
3280 if (lmp_bredr_capable(hdev)) {
3281 update_name(&req);
3282 update_eir(&req);
3283 }
3284
7a5f4990
MH		 3285 /* The name is stored in the scan response data and so
3286 * no need to udpate the advertising data here.
3287 */
3f985050 3288 if (lmp_le_capable(hdev))
7a5f4990 3289 update_scan_rsp_data(&req);
3f985050 3290
13928971 3291 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3292 if (err < 0)
3293 mgmt_pending_remove(cmd);
3294
3295failed:
09fd0de5 3296 hci_dev_unlock(hdev);
b312b161
JH		 3297 return err;
3298}
3299
0f4e68cf 3300static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3301 void *data, u16 data_len)
c35938b2 3302{
c35938b2
SJ		 3303 struct pending_cmd *cmd;
3304 int err;
3305
bdb6d971 3306 BT_DBG("%s", hdev->name);
c35938b2 3307
09fd0de5 3308 hci_dev_lock(hdev);
c35938b2 3309
4b34ee78 3310 if (!hdev_is_powered(hdev)) {
bdb6d971 3311 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3312 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3313 goto unlock;
3314 }
3315
9a1a1996 3316 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3317 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3318 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3319 goto unlock;
3320 }
3321
2e58ef3e 3322 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3323 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3324 MGMT_STATUS_BUSY);
c35938b2
SJ		 3325 goto unlock;
3326 }
3327
2e58ef3e 3328 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3329 if (!cmd) {
3330 err = -ENOMEM;
3331 goto unlock;
3332 }
3333
4d2d2796
MH		 3334 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3335 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3336 0, NULL);
3337 else
3338 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3339
c35938b2
SJ		 3340 if (err < 0)
3341 mgmt_pending_remove(cmd);
3342
3343unlock:
09fd0de5 3344 hci_dev_unlock(hdev);
c35938b2
SJ		 3345 return err;
3346}
3347
bdb6d971 3348static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3349 void *data, u16 len)
2763eda6 3350{
2763eda6
SJ		 3351 int err;
3352
bdb6d971 3353 BT_DBG("%s ", hdev->name);
2763eda6 3354
09fd0de5 3355 hci_dev_lock(hdev);
2763eda6 3356
ec109113
MH		 3357 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3358 struct mgmt_cp_add_remote_oob_data *cp = data;
3359 u8 status;
bf1e3541 3360
ec109113
MH		 3361 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3362 cp->hash, cp->randomizer);
3363 if (err < 0)
3364 status = MGMT_STATUS_FAILED;
3365 else
3366 status = MGMT_STATUS_SUCCESS;
3367
3368 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3369 status, &cp->addr, sizeof(cp->addr));
3370 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3371 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3372 u8 status;
3373
3374 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3375 cp->hash192,
3376 cp->randomizer192,
3377 cp->hash256,
3378 cp->randomizer256);
3379 if (err < 0)
3380 status = MGMT_STATUS_FAILED;
3381 else
3382 status = MGMT_STATUS_SUCCESS;
3383
3384 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3385 status, &cp->addr, sizeof(cp->addr));
3386 } else {
3387 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3388 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3389 MGMT_STATUS_INVALID_PARAMS);
3390 }
2763eda6 3391
09fd0de5 3392 hci_dev_unlock(hdev);
2763eda6
SJ		 3393 return err;
3394}
3395
bdb6d971 3396static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3397 void *data, u16 len)
2763eda6 3398{
650f726d 3399 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3400 u8 status;
2763eda6
SJ		 3401 int err;
3402
bdb6d971 3403 BT_DBG("%s", hdev->name);
2763eda6 3404
09fd0de5 3405 hci_dev_lock(hdev);
2763eda6 3406
664ce4cc 3407 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3408 if (err < 0)
bf1e3541 3409 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3410 else
a6785be2 3411 status = MGMT_STATUS_SUCCESS;
bf1e3541 3412
bdb6d971 3413 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3414 status, &cp->addr, sizeof(cp->addr));
2763eda6 3415
09fd0de5 3416 hci_dev_unlock(hdev);
2763eda6
SJ		 3417 return err;
3418}
3419
41dc2bd6
AG		 3420static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3421{
3422 struct pending_cmd *cmd;
3423 u8 type;
3424 int err;
3425
3426 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3427
3428 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3429 if (!cmd)
3430 return -ENOENT;
3431
3432 type = hdev->discovery.type;
3433
3434 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3435 &type, sizeof(type));
3436 mgmt_pending_remove(cmd);
3437
3438 return err;
3439}
3440
7c307720
AG		 3441static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3442{
ae55f598
LR		 3443 unsigned long timeout = 0;
3444
7c307720
AG		 3445 BT_DBG("status %d", status);
3446
3447 if (status) {
3448 hci_dev_lock(hdev);
3449 mgmt_start_discovery_failed(hdev, status);
3450 hci_dev_unlock(hdev);
3451 return;
3452 }
3453
3454 hci_dev_lock(hdev);
3455 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3456 hci_dev_unlock(hdev);
3457
3458 switch (hdev->discovery.type) {
3459 case DISCOV_TYPE_LE:
3d5a76f0 3460 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3461 break;
3462
3463 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3464 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3465 break;
3466
3467 case DISCOV_TYPE_BREDR:
3468 break;
3469
3470 default:
3471 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3472 }
ae55f598
LR		 3473
3474 if (!timeout)
3475 return;
3476
3477 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3478}
3479
bdb6d971 3480static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3481 void *data, u16 len)
14a53664 3482{
650f726d 3483 struct mgmt_cp_start_discovery *cp = data;
14a53664 3484 struct pending_cmd *cmd;
7c307720
AG		 3485 struct hci_cp_le_set_scan_param param_cp;
3486 struct hci_cp_le_set_scan_enable enable_cp;
3487 struct hci_cp_inquiry inq_cp;
3488 struct hci_request req;
3489 /* General inquiry access code (GIAC) */
3490 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3491 u8 status, own_addr_type;
14a53664
JH		 3492 int err;
3493
bdb6d971 3494 BT_DBG("%s", hdev->name);
14a53664 3495
09fd0de5 3496 hci_dev_lock(hdev);
14a53664 3497
4b34ee78 3498 if (!hdev_is_powered(hdev)) {
bdb6d971 3499 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3500 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3501 goto failed;
3502 }
3503
642be6c7
AG		 3504 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3505 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3506 MGMT_STATUS_BUSY);
3507 goto failed;
3508 }
3509
ff9ef578 3510 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3511 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3512 MGMT_STATUS_BUSY);
ff9ef578
JH		 3513 goto failed;
3514 }
3515
2e58ef3e 3516 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3517 if (!cmd) {
3518 err = -ENOMEM;
3519 goto failed;
3520 }
3521
4aab14e5
AG		 3522 hdev->discovery.type = cp->type;
3523
7c307720
AG		 3524 hci_req_init(&req, hdev);
3525
4aab14e5 3526 switch (hdev->discovery.type) {
f39799f5 3527 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3528 status = mgmt_bredr_support(hdev);
3529 if (status) {
04106755 3530 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3531 status);
04106755
JH		 3532 mgmt_pending_remove(cmd);
3533 goto failed;
3534 }
3535
7c307720
AG		 3536 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3537 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3538 MGMT_STATUS_BUSY);
3539 mgmt_pending_remove(cmd);
3540 goto failed;
3541 }
3542
3543 hci_inquiry_cache_flush(hdev);
3544
3545 memset(&inq_cp, 0, sizeof(inq_cp));
3546 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3547 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3548 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3549 break;
3550
3551 case DISCOV_TYPE_LE:
7c307720 3552 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3553 status = mgmt_le_support(hdev);
3554 if (status) {
04106755 3555 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3556 status);
04106755
JH		 3557 mgmt_pending_remove(cmd);
3558 goto failed;
3559 }
3560
7c307720 3561 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3562 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3563 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3564 MGMT_STATUS_NOT_SUPPORTED);
3565 mgmt_pending_remove(cmd);
3566 goto failed;
3567 }
3568
f3d3444a 3569 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3570 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3571 MGMT_STATUS_REJECTED);
3572 mgmt_pending_remove(cmd);
3573 goto failed;
3574 }
3575
c54c3860
AG		 3576 /* If controller is scanning, it means the background scanning
3577 * is running. Thus, we should temporarily stop it in order to
3578 * set the discovery scanning parameters.
3579 */
3580 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3581 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3582
3583 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3584
94b1fc92
MH		 3585 /* All active scans will be done with either a resolvable
3586 * private address (when privacy feature has been enabled)
3587 * or unresolvable private address.
3588 */
3589 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3590 if (err < 0) {
3591 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3592 MGMT_STATUS_FAILED);
3593 mgmt_pending_remove(cmd);
3594 goto failed;
3595 }
3596
7c307720 3597 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3598 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3599 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3600 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3601 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3602 &param_cp);
3603
3604 memset(&enable_cp, 0, sizeof(enable_cp));
3605 enable_cp.enable = LE_SCAN_ENABLE;
3606 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3607 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3608 &enable_cp);
5e0452c0
AG		 3609 break;
3610
f39799f5 3611 default:
04106755
JH		 3612 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3613 MGMT_STATUS_INVALID_PARAMS);
3614 mgmt_pending_remove(cmd);
3615 goto failed;
f39799f5 3616 }
3fd24153 3617
7c307720 3618 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3619 if (err < 0)
3620 mgmt_pending_remove(cmd);
ff9ef578
JH		 3621 else
3622 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3623
3624failed:
09fd0de5 3625 hci_dev_unlock(hdev);
14a53664
JH		 3626 return err;
3627}
3628
1183fdca
AG		 3629static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3630{
3631 struct pending_cmd *cmd;
3632 int err;
3633
3634 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3635 if (!cmd)
3636 return -ENOENT;
3637
3638 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3639 &hdev->discovery.type, sizeof(hdev->discovery.type));
3640 mgmt_pending_remove(cmd);
3641
3642 return err;
3643}
3644
0e05bba6
AG		 3645static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3646{
3647 BT_DBG("status %d", status);
3648
3649 hci_dev_lock(hdev);
3650
3651 if (status) {
3652 mgmt_stop_discovery_failed(hdev, status);
3653 goto unlock;
3654 }
3655
3656 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3657
3658unlock:
3659 hci_dev_unlock(hdev);
3660}
3661
bdb6d971 3662static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3663 u16 len)
14a53664 3664{
d930650b 3665 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3666 struct pending_cmd *cmd;
0e05bba6 3667 struct hci_request req;
14a53664
JH		 3668 int err;
3669
bdb6d971 3670 BT_DBG("%s", hdev->name);
14a53664 3671
09fd0de5 3672 hci_dev_lock(hdev);
14a53664 3673
30dc78e1 3674 if (!hci_discovery_active(hdev)) {
bdb6d971 3675 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3676 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3677 sizeof(mgmt_cp->type));
d930650b
JH		 3678 goto unlock;
3679 }
3680
3681 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3682 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3683 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3684 sizeof(mgmt_cp->type));
30dc78e1 3685 goto unlock;
ff9ef578
JH		 3686 }
3687
2e58ef3e 3688 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3689 if (!cmd) {
3690 err = -ENOMEM;
30dc78e1
JH		 3691 goto unlock;
3692 }
3693
0e05bba6
AG		 3694 hci_req_init(&req, hdev);
3695
21a60d30 3696 hci_stop_discovery(&req);
e0d9727e 3697
21a60d30
JH		 3698 err = hci_req_run(&req, stop_discovery_complete);
3699 if (!err) {
3700 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3701 goto unlock;
14a53664
JH		 3702 }
3703
21a60d30
JH		 3704 mgmt_pending_remove(cmd);
3705
3706 /* If no HCI commands were sent we're done */
3707 if (err == -ENODATA) {
3708 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3709 &mgmt_cp->type, sizeof(mgmt_cp->type));
3710 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3711 }
14a53664 3712
30dc78e1 3713unlock:
09fd0de5 3714 hci_dev_unlock(hdev);
14a53664
JH		 3715 return err;
3716}
3717
bdb6d971 3718static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3719 u16 len)
561aafbc 3720{
650f726d 3721 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3722 struct inquiry_entry *e;
561aafbc
JH		 3723 int err;
3724
bdb6d971 3725 BT_DBG("%s", hdev->name);
561aafbc 3726
561aafbc
JH		 3727 hci_dev_lock(hdev);
3728
30dc78e1 3729 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3730 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3731 MGMT_STATUS_FAILED, &cp->addr,
3732 sizeof(cp->addr));
30dc78e1
JH		 3733 goto failed;
3734 }
3735
a198e7b1 3736 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3737 if (!e) {
d3a2541d
LR		 3738 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3739 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3740 sizeof(cp->addr));
561aafbc
JH		 3741 goto failed;
3742 }
3743
3744 if (cp->name_known) {
3745 e->name_state = NAME_KNOWN;
3746 list_del(&e->list);
3747 } else {
3748 e->name_state = NAME_NEEDED;
a3d4e20a 3749 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3750 }
3751
e384662b
JH		 3752 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3753 sizeof(cp->addr));
561aafbc
JH		 3754
3755failed:
3756 hci_dev_unlock(hdev);
561aafbc
JH		 3757 return err;
3758}
3759
bdb6d971 3760static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3761 u16 len)
7fbec224 3762{
650f726d 3763 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3764 u8 status;
7fbec224
AJ		 3765 int err;
3766
bdb6d971 3767 BT_DBG("%s", hdev->name);
7fbec224 3768
4ee71b20 3769 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3770 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3771 MGMT_STATUS_INVALID_PARAMS,
3772 &cp->addr, sizeof(cp->addr));
4ee71b20 3773
09fd0de5 3774 hci_dev_lock(hdev);
5e762444 3775
88c1fe4b 3776 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3777 if (err < 0) {
f0eeea8b 3778 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3779 goto done;
3780 }
3781
3782 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3783 sk);
3784 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3785
2a8357f2 3786done:
bdb6d971 3787 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3788 &cp->addr, sizeof(cp->addr));
5e762444 3789
09fd0de5 3790 hci_dev_unlock(hdev);
7fbec224
AJ		 3791
3792 return err;
3793}
3794
bdb6d971 3795static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3796 u16 len)
7fbec224 3797{
650f726d 3798 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3799 u8 status;
7fbec224
AJ		 3800 int err;
3801
bdb6d971 3802 BT_DBG("%s", hdev->name);
7fbec224 3803
4ee71b20 3804 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3805 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3806 MGMT_STATUS_INVALID_PARAMS,
3807 &cp->addr, sizeof(cp->addr));
4ee71b20 3808
09fd0de5 3809 hci_dev_lock(hdev);
5e762444 3810
88c1fe4b 3811 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3812 if (err < 0) {
f0eeea8b 3813 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3814 goto done;
3815 }
3816
3817 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3818 sk);
3819 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3820
2a8357f2 3821done:
bdb6d971 3822 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3823 &cp->addr, sizeof(cp->addr));
5e762444 3824
09fd0de5 3825 hci_dev_unlock(hdev);
7fbec224
AJ		 3826
3827 return err;
3828}
3829
cdbaccca
MH		 3830static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3831 u16 len)
3832{
3833 struct mgmt_cp_set_device_id *cp = data;
890ea898 3834 struct hci_request req;
cdbaccca 3835 int err;
c72d4b8a 3836 __u16 source;
cdbaccca
MH		 3837
3838 BT_DBG("%s", hdev->name);
3839
c72d4b8a
SJ		 3840 source = __le16_to_cpu(cp->source);
3841
3842 if (source > 0x0002)
3843 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3844 MGMT_STATUS_INVALID_PARAMS);
3845
cdbaccca
MH		 3846 hci_dev_lock(hdev);
3847
c72d4b8a 3848 hdev->devid_source = source;
cdbaccca
MH		 3849 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3850 hdev->devid_product = __le16_to_cpu(cp->product);
3851 hdev->devid_version = __le16_to_cpu(cp->version);
3852
3853 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3854
890ea898
JH		 3855 hci_req_init(&req, hdev);
3856 update_eir(&req);
3857 hci_req_run(&req, NULL);
cdbaccca
MH		 3858
3859 hci_dev_unlock(hdev);
3860
3861 return err;
3862}
3863
4375f103
JH		 3864static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3865{
3866 struct cmd_lookup match = { NULL, hdev };
3867
3868 if (status) {
3869 u8 mgmt_err = mgmt_status(status);
3870
3871 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3872 cmd_status_rsp, &mgmt_err);
3873 return;
3874 }
3875
3876 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3877 &match);
3878
3879 new_settings(hdev, match.sk);
3880
3881 if (match.sk)
3882 sock_put(match.sk);
3883}
3884
21b5187f
MH		 3885static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3886 u16 len)
4375f103
JH		 3887{
3888 struct mgmt_mode *cp = data;
3889 struct pending_cmd *cmd;
3890 struct hci_request req;
e6fe7986 3891 u8 val, enabled, status;
4375f103
JH		 3892 int err;
3893
3894 BT_DBG("request for %s", hdev->name);
3895
e6fe7986
JH		 3896 status = mgmt_le_support(hdev);
3897 if (status)
4375f103 3898 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3899 status);
4375f103
JH		 3900
3901 if (cp->val != 0x00 && cp->val != 0x01)
3902 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3903 MGMT_STATUS_INVALID_PARAMS);
3904
3905 hci_dev_lock(hdev);
3906
3907 val = !!cp->val;
f3d3444a 3908 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3909
f74ca9b8
JH		 3910 /* The following conditions are ones which mean that we should
3911 * not do any HCI communication but directly send a mgmt
3912 * response to user space (after toggling the flag if
3913 * necessary).
3914 */
3915 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3916 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3917 bool changed = false;
3918
f3d3444a
JH		 3919 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3920 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3921 changed = true;
3922 }
3923
3924 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3925 if (err < 0)
3926 goto unlock;
3927
3928 if (changed)
3929 err = new_settings(hdev, sk);
3930
3931 goto unlock;
3932 }
3933
3934 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3935 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3936 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3937 MGMT_STATUS_BUSY);
3938 goto unlock;
3939 }
3940
3941 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3942 if (!cmd) {
3943 err = -ENOMEM;
3944 goto unlock;
3945 }
3946
3947 hci_req_init(&req, hdev);
3948
bba3aa55
MH		 3949 if (val)
3950 enable_advertising(&req);
3951 else
3952 disable_advertising(&req);
4375f103
JH		 3953
3954 err = hci_req_run(&req, set_advertising_complete);
3955 if (err < 0)
3956 mgmt_pending_remove(cmd);
3957
3958unlock:
3959 hci_dev_unlock(hdev);
3960 return err;
3961}
3962
d13eafce
MH		 3963static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3964 void *data, u16 len)
3965{
3966 struct mgmt_cp_set_static_address *cp = data;
3967 int err;
3968
3969 BT_DBG("%s", hdev->name);
3970
62af4443 3971 if (!lmp_le_capable(hdev))
d13eafce 3972 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3973 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3974
3975 if (hdev_is_powered(hdev))
3976 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3977 MGMT_STATUS_REJECTED);
3978
3979 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3980 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3981 return cmd_status(sk, hdev->id,
3982 MGMT_OP_SET_STATIC_ADDRESS,
3983 MGMT_STATUS_INVALID_PARAMS);
3984
3985 /* Two most significant bits shall be set */
3986 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3987 return cmd_status(sk, hdev->id,
3988 MGMT_OP_SET_STATIC_ADDRESS,
3989 MGMT_STATUS_INVALID_PARAMS);
3990 }
3991
3992 hci_dev_lock(hdev);
3993
3994 bacpy(&hdev->static_addr, &cp->bdaddr);
3995
3996 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3997
3998 hci_dev_unlock(hdev);
3999
4000 return err;
4001}
4002
14b49b9a
MH		 4003static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4004 void *data, u16 len)
4005{
4006 struct mgmt_cp_set_scan_params *cp = data;
4007 __u16 interval, window;
4008 int err;
4009
4010 BT_DBG("%s", hdev->name);
4011
4012 if (!lmp_le_capable(hdev))
4013 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4014 MGMT_STATUS_NOT_SUPPORTED);
4015
4016 interval = __le16_to_cpu(cp->interval);
4017
4018 if (interval < 0x0004 || interval > 0x4000)
4019 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4020 MGMT_STATUS_INVALID_PARAMS);
4021
4022 window = __le16_to_cpu(cp->window);
4023
4024 if (window < 0x0004 || window > 0x4000)
4025 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4026 MGMT_STATUS_INVALID_PARAMS);
4027
899e1075
MH		 4028 if (window > interval)
4029 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4030 MGMT_STATUS_INVALID_PARAMS);
4031
14b49b9a
MH		 4032 hci_dev_lock(hdev);
4033
4034 hdev->le_scan_interval = interval;
4035 hdev->le_scan_window = window;
4036
4037 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4038
dd2ef8e2
AG		 4039 /* If background scan is running, restart it so new parameters are
4040 * loaded.
4041 */
4042 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4043 hdev->discovery.state == DISCOVERY_STOPPED) {
4044 struct hci_request req;
4045
4046 hci_req_init(&req, hdev);
4047
4048 hci_req_add_le_scan_disable(&req);
4049 hci_req_add_le_passive_scan(&req);
4050
4051 hci_req_run(&req, NULL);
4052 }
4053
14b49b9a
MH		 4054 hci_dev_unlock(hdev);
4055
4056 return err;
4057}
4058
33e38b3e
JH		 4059static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4060{
4061 struct pending_cmd *cmd;
4062
4063 BT_DBG("status 0x%02x", status);
4064
4065 hci_dev_lock(hdev);
4066
4067 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4068 if (!cmd)
4069 goto unlock;
4070
4071 if (status) {
4072 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4073 mgmt_status(status));
4074 } else {
1a4d3c4b
JH		 4075 struct mgmt_mode *cp = cmd->param;
4076
4077 if (cp->val)
4078 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4079 else
4080 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4081
33e38b3e
JH		 4082 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4083 new_settings(hdev, cmd->sk);
4084 }
4085
4086 mgmt_pending_remove(cmd);
4087
4088unlock:
4089 hci_dev_unlock(hdev);
4090}
4091
bdb6d971 4092static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4093 void *data, u16 len)
f6422ec6 4094{
650f726d 4095 struct mgmt_mode *cp = data;
33e38b3e
JH		 4096 struct pending_cmd *cmd;
4097 struct hci_request req;
f6422ec6
AJ		 4098 int err;
4099
bdb6d971 4100 BT_DBG("%s", hdev->name);
f6422ec6 4101
56f87901
JH		 4102 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4103 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4104 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4105 MGMT_STATUS_NOT_SUPPORTED);
4106
a7e80f25
JH		 4107 if (cp->val != 0x00 && cp->val != 0x01)
4108 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4109 MGMT_STATUS_INVALID_PARAMS);
4110
5400c044 4111 if (!hdev_is_powered(hdev))
bdb6d971 4112 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4113 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4114
4115 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4116 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4117 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4118
4119 hci_dev_lock(hdev);
4120
05cbf29f
JH		 4121 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4122 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4123 MGMT_STATUS_BUSY);
4124 goto unlock;
4125 }
4126
1a4d3c4b
JH		 4127 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4128 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4129 hdev);
4130 goto unlock;
4131 }
4132
33e38b3e
JH		 4133 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4134 data, len);
4135 if (!cmd) {
4136 err = -ENOMEM;
4137 goto unlock;
f6422ec6
AJ		 4138 }
4139
33e38b3e
JH		 4140 hci_req_init(&req, hdev);
4141
406d7804 4142 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4143
4144 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4145 if (err < 0) {
bdb6d971 4146 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4147 MGMT_STATUS_FAILED);
33e38b3e 4148 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4149 }
4150
33e38b3e 4151unlock:
f6422ec6 4152 hci_dev_unlock(hdev);
33e38b3e 4153
f6422ec6
AJ		 4154 return err;
4155}
4156
67e5a7a3
JH		 4157static void set_bredr_scan(struct hci_request *req)
4158{
4159 struct hci_dev *hdev = req->hdev;
4160 u8 scan = 0;
4161
4162 /* Ensure that fast connectable is disabled. This function will
4163 * not do anything if the page scan parameters are already what
4164 * they should be.
4165 */
4166 write_fast_connectable(req, false);
4167
4168 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4169 scan |= SCAN_PAGE;
4170 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4171 scan |= SCAN_INQUIRY;
4172
4173 if (scan)
4174 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4175}
4176
0663ca2a
JH		 4177static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4178{
4179 struct pending_cmd *cmd;
4180
4181 BT_DBG("status 0x%02x", status);
4182
4183 hci_dev_lock(hdev);
4184
4185 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4186 if (!cmd)
4187 goto unlock;
4188
4189 if (status) {
4190 u8 mgmt_err = mgmt_status(status);
4191
4192 /* We need to restore the flag if related HCI commands
4193 * failed.
4194 */
4195 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4196
4197 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4198 } else {
4199 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4200 new_settings(hdev, cmd->sk);
4201 }
4202
4203 mgmt_pending_remove(cmd);
4204
4205unlock:
4206 hci_dev_unlock(hdev);
4207}
4208
4209static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4210{
4211 struct mgmt_mode *cp = data;
4212 struct pending_cmd *cmd;
4213 struct hci_request req;
4214 int err;
4215
4216 BT_DBG("request for %s", hdev->name);
4217
4218 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4219 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4220 MGMT_STATUS_NOT_SUPPORTED);
4221
4222 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4223 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4224 MGMT_STATUS_REJECTED);
4225
4226 if (cp->val != 0x00 && cp->val != 0x01)
4227 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4228 MGMT_STATUS_INVALID_PARAMS);
4229
4230 hci_dev_lock(hdev);
4231
4232 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4233 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4234 goto unlock;
4235 }
4236
4237 if (!hdev_is_powered(hdev)) {
4238 if (!cp->val) {
0663ca2a
JH		 4239 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4240 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4241 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4242 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4243 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4244 }
4245
4246 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4247
4248 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4249 if (err < 0)
4250 goto unlock;
4251
4252 err = new_settings(hdev, sk);
4253 goto unlock;
4254 }
4255
4256 /* Reject disabling when powered on */
4257 if (!cp->val) {
4258 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4259 MGMT_STATUS_REJECTED);
4260 goto unlock;
4261 }
4262
4263 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4264 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4265 MGMT_STATUS_BUSY);
4266 goto unlock;
4267 }
4268
4269 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4270 if (!cmd) {
4271 err = -ENOMEM;
4272 goto unlock;
4273 }
4274
5947f4bc 4275 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4276 * generates the correct flags.
4277 */
4278 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4279
4280 hci_req_init(&req, hdev);
aa8af46e
JH		 4281
4282 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4283 set_bredr_scan(&req);
4284
f14d8f64
MH		 4285 /* Since only the advertising data flags will change, there
4286 * is no need to update the scan response data.
4287 */
5947f4bc 4288 update_adv_data(&req);
aa8af46e 4289
0663ca2a
JH		 4290 err = hci_req_run(&req, set_bredr_complete);
4291 if (err < 0)
4292 mgmt_pending_remove(cmd);
4293
4294unlock:
4295 hci_dev_unlock(hdev);
4296 return err;
4297}
4298
eac83dc6
MH		 4299static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4300 void *data, u16 len)
4301{
4302 struct mgmt_mode *cp = data;
4303 struct pending_cmd *cmd;
0ab04a9c 4304 u8 val, status;
eac83dc6
MH		 4305 int err;
4306
4307 BT_DBG("request for %s", hdev->name);
4308
4309 status = mgmt_bredr_support(hdev);
4310 if (status)
4311 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4312 status);
4313
5afeac14 4314 if (!lmp_sc_capable(hdev) &&
111902f7 4315 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4316 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4317 MGMT_STATUS_NOT_SUPPORTED);
4318
0ab04a9c 4319 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4320 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4321 MGMT_STATUS_INVALID_PARAMS);
4322
4323 hci_dev_lock(hdev);
4324
4325 if (!hdev_is_powered(hdev)) {
4326 bool changed;
4327
0ab04a9c 4328 if (cp->val) {
eac83dc6
MH		 4329 changed = !test_and_set_bit(HCI_SC_ENABLED,
4330 &hdev->dev_flags);
0ab04a9c
MH		 4331 if (cp->val == 0x02)
4332 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4333 else
4334 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4335 } else {
eac83dc6
MH		 4336 changed = test_and_clear_bit(HCI_SC_ENABLED,
4337 &hdev->dev_flags);
0ab04a9c
MH		 4338 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4339 }
eac83dc6
MH		 4340
4341 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4342 if (err < 0)
4343 goto failed;
4344
4345 if (changed)
4346 err = new_settings(hdev, sk);
4347
4348 goto failed;
4349 }
4350
4351 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4352 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4353 MGMT_STATUS_BUSY);
4354 goto failed;
4355 }
4356
0ab04a9c
MH		 4357 val = !!cp->val;
4358
4359 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4360 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4361 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4362 goto failed;
4363 }
4364
4365 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4366 if (!cmd) {
4367 err = -ENOMEM;
4368 goto failed;
4369 }
4370
0ab04a9c 4371 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4372 if (err < 0) {
4373 mgmt_pending_remove(cmd);
4374 goto failed;
4375 }
4376
0ab04a9c
MH		 4377 if (cp->val == 0x02)
4378 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4379 else
4380 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4381
eac83dc6
MH		 4382failed:
4383 hci_dev_unlock(hdev);
4384 return err;
4385}
4386
4e39ac81
MH		 4387static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4388 void *data, u16 len)
4389{
4390 struct mgmt_mode *cp = data;
b9710979 4391 bool changed, use_changed;
4e39ac81
MH		 4392 int err;
4393
4394 BT_DBG("request for %s", hdev->name);
4395
b9710979 4396 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4397 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4398 MGMT_STATUS_INVALID_PARAMS);
4399
4400 hci_dev_lock(hdev);
4401
4402 if (cp->val)
0663b297
JH		 4403 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4404 &hdev->dev_flags);
4e39ac81 4405 else
0663b297
JH		 4406 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4407 &hdev->dev_flags);
4e39ac81 4408
b9710979
JH		 4409 if (cp->val == 0x02)
4410 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4411 &hdev->dev_flags);
4412 else
4413 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4414 &hdev->dev_flags);
4415
4416 if (hdev_is_powered(hdev) && use_changed &&
4417 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4418 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4419 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4420 sizeof(mode), &mode);
4421 }
4422
4e39ac81
MH		 4423 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4424 if (err < 0)
4425 goto unlock;
4426
4427 if (changed)
4428 err = new_settings(hdev, sk);
4429
4430unlock:
4431 hci_dev_unlock(hdev);
4432 return err;
4433}
4434
62b04cd1
JH		 4435static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4436 u16 len)
4437{
4438 struct mgmt_cp_set_privacy *cp = cp_data;
4439 bool changed;
4440 int err;
4441
4442 BT_DBG("request for %s", hdev->name);
4443
4444 if (!lmp_le_capable(hdev))
4445 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4446 MGMT_STATUS_NOT_SUPPORTED);
4447
4448 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4449 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4450 MGMT_STATUS_INVALID_PARAMS);
4451
4452 if (hdev_is_powered(hdev))
4453 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4454 MGMT_STATUS_REJECTED);
4455
4456 hci_dev_lock(hdev);
4457
c21c0ea0
JH		 4458 /* If user space supports this command it is also expected to
4459 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4460 */
4461 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4462
62b04cd1
JH		 4463 if (cp->privacy) {
4464 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4465 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4466 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4467 } else {
4468 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4469 memset(hdev->irk, 0, sizeof(hdev->irk));
4470 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4471 }
4472
4473 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4474 if (err < 0)
4475 goto unlock;
4476
4477 if (changed)
4478 err = new_settings(hdev, sk);
4479
4480unlock:
4481 hci_dev_unlock(hdev);
4482 return err;
4483}
4484
41edf160
JH		 4485static bool irk_is_valid(struct mgmt_irk_info *irk)
4486{
4487 switch (irk->addr.type) {
4488 case BDADDR_LE_PUBLIC:
4489 return true;
4490
4491 case BDADDR_LE_RANDOM:
4492 /* Two most significant bits shall be set */
4493 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4494 return false;
4495 return true;
4496 }
4497
4498 return false;
4499}
4500
4501static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4502 u16 len)
4503{
4504 struct mgmt_cp_load_irks *cp = cp_data;
4505 u16 irk_count, expected_len;
4506 int i, err;
4507
4508 BT_DBG("request for %s", hdev->name);
4509
4510 if (!lmp_le_capable(hdev))
4511 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4512 MGMT_STATUS_NOT_SUPPORTED);
4513
4514 irk_count = __le16_to_cpu(cp->irk_count);
4515
4516 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4517 if (expected_len != len) {
4518 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4519 expected_len, len);
41edf160
JH		 4520 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4521 MGMT_STATUS_INVALID_PARAMS);
4522 }
4523
4524 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4525
4526 for (i = 0; i < irk_count; i++) {
4527 struct mgmt_irk_info *key = &cp->irks[i];
4528
4529 if (!irk_is_valid(key))
4530 return cmd_status(sk, hdev->id,
4531 MGMT_OP_LOAD_IRKS,
4532 MGMT_STATUS_INVALID_PARAMS);
4533 }
4534
4535 hci_dev_lock(hdev);
4536
4537 hci_smp_irks_clear(hdev);
4538
4539 for (i = 0; i < irk_count; i++) {
4540 struct mgmt_irk_info *irk = &cp->irks[i];
4541 u8 addr_type;
4542
4543 if (irk->addr.type == BDADDR_LE_PUBLIC)
4544 addr_type = ADDR_LE_DEV_PUBLIC;
4545 else
4546 addr_type = ADDR_LE_DEV_RANDOM;
4547
4548 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4549 BDADDR_ANY);
4550 }
4551
4552 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4553
4554 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4555
4556 hci_dev_unlock(hdev);
4557
4558 return err;
4559}
4560
3f706b72
JH		 4561static bool ltk_is_valid(struct mgmt_ltk_info *key)
4562{
4563 if (key->master != 0x00 && key->master != 0x01)
4564 return false;
490cb0b3
MH		 4565
4566 switch (key->addr.type) {
4567 case BDADDR_LE_PUBLIC:
4568 return true;
4569
4570 case BDADDR_LE_RANDOM:
4571 /* Two most significant bits shall be set */
4572 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4573 return false;
4574 return true;
4575 }
4576
4577 return false;
3f706b72
JH		 4578}
4579
bdb6d971 4580static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4581 void *cp_data, u16 len)
346af67b 4582{
346af67b
VCG		 4583 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4584 u16 key_count, expected_len;
715a5bf2 4585 int i, err;
346af67b 4586
cf99ba13
MH		 4587 BT_DBG("request for %s", hdev->name);
4588
4589 if (!lmp_le_capable(hdev))
4590 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4591 MGMT_STATUS_NOT_SUPPORTED);
4592
1f350c87 4593 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4594
4595 expected_len = sizeof(*cp) + key_count *
4596 sizeof(struct mgmt_ltk_info);
4597 if (expected_len != len) {
4598 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4599 expected_len, len);
bdb6d971 4600 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4601 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4602 }
4603
bdb6d971 4604 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4605
54ad6d8a
JH		 4606 for (i = 0; i < key_count; i++) {
4607 struct mgmt_ltk_info *key = &cp->keys[i];
4608
3f706b72 4609 if (!ltk_is_valid(key))
54ad6d8a
JH		 4610 return cmd_status(sk, hdev->id,
4611 MGMT_OP_LOAD_LONG_TERM_KEYS,
4612 MGMT_STATUS_INVALID_PARAMS);
4613 }
4614
346af67b
VCG		 4615 hci_dev_lock(hdev);
4616
4617 hci_smp_ltks_clear(hdev);
4618
4619 for (i = 0; i < key_count; i++) {
4620 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4621 u8 type, addr_type, authenticated;
79d95a19
MH		 4622
4623 if (key->addr.type == BDADDR_LE_PUBLIC)
4624 addr_type = ADDR_LE_DEV_PUBLIC;
4625 else
4626 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4627
4628 if (key->master)
2ceba539 4629 type = SMP_LTK;
346af67b 4630 else
2ceba539 4631 type = SMP_LTK_SLAVE;
346af67b 4632
61b43357
JH		 4633 switch (key->type) {
4634 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4635 authenticated = 0x00;
61b43357
JH		 4636 break;
4637 case MGMT_LTK_AUTHENTICATED:
d7b25450 4638 authenticated = 0x01;
61b43357
JH		 4639 break;
4640 default:
4641 continue;
4642 }
d7b25450 4643
35d70271 4644 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4645 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4646 key->rand);
346af67b
VCG		 4647 }
4648
715a5bf2
JH		 4649 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4650 NULL, 0);
4651
346af67b 4652 hci_dev_unlock(hdev);
346af67b 4653
715a5bf2 4654 return err;
346af67b
VCG		 4655}
4656
dd983808
AK		 4657struct cmd_conn_lookup {
4658 struct hci_conn *conn;
4659 bool valid_tx_power;
4660 u8 mgmt_status;
4661};
4662
4663static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4664{
4665 struct cmd_conn_lookup *match = data;
4666 struct mgmt_cp_get_conn_info *cp;
4667 struct mgmt_rp_get_conn_info rp;
4668 struct hci_conn *conn = cmd->user_data;
4669
4670 if (conn != match->conn)
4671 return;
4672
4673 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4674
4675 memset(&rp, 0, sizeof(rp));
4676 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4677 rp.addr.type = cp->addr.type;
4678
4679 if (!match->mgmt_status) {
4680 rp.rssi = conn->rssi;
4681
eed5daf3 4682 if (match->valid_tx_power) {
dd983808 4683 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4684 rp.max_tx_power = conn->max_tx_power;
4685 } else {
dd983808 4686 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4687 rp.max_tx_power = HCI_TX_POWER_INVALID;
4688 }
dd983808
AK		 4689 }
4690
4691 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4692 match->mgmt_status, &rp, sizeof(rp));
4693
4694 hci_conn_drop(conn);
4695
4696 mgmt_pending_remove(cmd);
4697}
4698
4699static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4700{
4701 struct hci_cp_read_rssi *cp;
4702 struct hci_conn *conn;
4703 struct cmd_conn_lookup match;
4704 u16 handle;
4705
4706 BT_DBG("status 0x%02x", status);
4707
4708 hci_dev_lock(hdev);
4709
4710 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4711 * otherwise we assume it's not valid. At the moment we assume that
4712 * either both or none of current and max values are valid to keep code
4713 * simple.
dd983808
AK		 4714 */
4715 match.valid_tx_power = !status;
4716
4717 /* Commands sent in request are either Read RSSI or Read Transmit Power
4718 * Level so we check which one was last sent to retrieve connection
4719 * handle. Both commands have handle as first parameter so it's safe to
4720 * cast data on the same command struct.
4721 *
4722 * First command sent is always Read RSSI and we fail only if it fails.
4723 * In other case we simply override error to indicate success as we
4724 * already remembered if TX power value is actually valid.
4725 */
4726 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4727 if (!cp) {
4728 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4729 status = 0;
4730 }
4731
4732 if (!cp) {
4733 BT_ERR("invalid sent_cmd in response");
4734 goto unlock;
4735 }
4736
4737 handle = __le16_to_cpu(cp->handle);
4738 conn = hci_conn_hash_lookup_handle(hdev, handle);
4739 if (!conn) {
4740 BT_ERR("unknown handle (%d) in response", handle);
4741 goto unlock;
4742 }
4743
4744 match.conn = conn;
4745 match.mgmt_status = mgmt_status(status);
4746
4747 /* Cache refresh is complete, now reply for mgmt request for given
4748 * connection only.
4749 */
4750 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4751 get_conn_info_complete, &match);
4752
4753unlock:
4754 hci_dev_unlock(hdev);
4755}
4756
4757static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4758 u16 len)
4759{
4760 struct mgmt_cp_get_conn_info *cp = data;
4761 struct mgmt_rp_get_conn_info rp;
4762 struct hci_conn *conn;
4763 unsigned long conn_info_age;
4764 int err = 0;
4765
4766 BT_DBG("%s", hdev->name);
4767
4768 memset(&rp, 0, sizeof(rp));
4769 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4770 rp.addr.type = cp->addr.type;
4771
4772 if (!bdaddr_type_is_valid(cp->addr.type))
4773 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4774 MGMT_STATUS_INVALID_PARAMS,
4775 &rp, sizeof(rp));
4776
4777 hci_dev_lock(hdev);
4778
4779 if (!hdev_is_powered(hdev)) {
4780 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4781 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4782 goto unlock;
4783 }
4784
4785 if (cp->addr.type == BDADDR_BREDR)
4786 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4787 &cp->addr.bdaddr);
4788 else
4789 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4790
4791 if (!conn || conn->state != BT_CONNECTED) {
4792 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4793 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4794 goto unlock;
4795 }
4796
4797 /* To avoid client trying to guess when to poll again for information we
4798 * calculate conn info age as random value between min/max set in hdev.
4799 */
4800 conn_info_age = hdev->conn_info_min_age +
4801 prandom_u32_max(hdev->conn_info_max_age -
4802 hdev->conn_info_min_age);
4803
4804 /* Query controller to refresh cached values if they are too old or were
4805 * never read.
4806 */
f4e2dd53
AK		 4807 if (time_after(jiffies, conn->conn_info_timestamp +
4808 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4809 !conn->conn_info_timestamp) {
4810 struct hci_request req;
4811 struct hci_cp_read_tx_power req_txp_cp;
4812 struct hci_cp_read_rssi req_rssi_cp;
4813 struct pending_cmd *cmd;
4814
4815 hci_req_init(&req, hdev);
4816 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4817 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4818 &req_rssi_cp);
4819
f7faab0c
AK		 4820 /* For LE links TX power does not change thus we don't need to
4821 * query for it once value is known.
4822 */
4823 if (!bdaddr_type_is_le(cp->addr.type) ||
4824 conn->tx_power == HCI_TX_POWER_INVALID) {
4825 req_txp_cp.handle = cpu_to_le16(conn->handle);
4826 req_txp_cp.type = 0x00;
4827 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4828 sizeof(req_txp_cp), &req_txp_cp);
4829 }
dd983808 4830
eed5daf3
AK		 4831 /* Max TX power needs to be read only once per connection */
4832 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4833 req_txp_cp.handle = cpu_to_le16(conn->handle);
4834 req_txp_cp.type = 0x01;
4835 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4836 sizeof(req_txp_cp), &req_txp_cp);
4837 }
4838
dd983808
AK		 4839 err = hci_req_run(&req, conn_info_refresh_complete);
4840 if (err < 0)
4841 goto unlock;
4842
4843 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4844 data, len);
4845 if (!cmd) {
4846 err = -ENOMEM;
4847 goto unlock;
4848 }
4849
4850 hci_conn_hold(conn);
4851 cmd->user_data = conn;
4852
4853 conn->conn_info_timestamp = jiffies;
4854 } else {
4855 /* Cache is valid, just reply with values cached in hci_conn */
4856 rp.rssi = conn->rssi;
4857 rp.tx_power = conn->tx_power;
eed5daf3 4858 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4859
4860 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4861 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4862 }
4863
4864unlock:
4865 hci_dev_unlock(hdev);
4866 return err;
4867}
4868
95868426
JH		 4869static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
4870{
4871 struct mgmt_cp_get_clock_info *cp;
4872 struct mgmt_rp_get_clock_info rp;
4873 struct hci_cp_read_clock *hci_cp;
4874 struct pending_cmd *cmd;
4875 struct hci_conn *conn;
4876
4877 BT_DBG("%s status %u", hdev->name, status);
4878
4879 hci_dev_lock(hdev);
4880
4881 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4882 if (!hci_cp)
4883 goto unlock;
4884
4885 if (hci_cp->which) {
4886 u16 handle = __le16_to_cpu(hci_cp->handle);
4887 conn = hci_conn_hash_lookup_handle(hdev, handle);
4888 } else {
4889 conn = NULL;
4890 }
4891
4892 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
4893 if (!cmd)
4894 goto unlock;
4895
4896 cp = cmd->param;
4897
4898 memset(&rp, 0, sizeof(rp));
4899 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
4900
4901 if (status)
4902 goto send_rsp;
4903
4904 rp.local_clock = cpu_to_le32(hdev->clock);
4905
4906 if (conn) {
4907 rp.piconet_clock = cpu_to_le32(conn->clock);
4908 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
4909 }
4910
4911send_rsp:
4912 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
4913 &rp, sizeof(rp));
4914 mgmt_pending_remove(cmd);
4915 if (conn)
4916 hci_conn_drop(conn);
4917
4918unlock:
4919 hci_dev_unlock(hdev);
4920}
4921
4922static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
4923 u16 len)
4924{
4925 struct mgmt_cp_get_clock_info *cp = data;
4926 struct mgmt_rp_get_clock_info rp;
4927 struct hci_cp_read_clock hci_cp;
4928 struct pending_cmd *cmd;
4929 struct hci_request req;
4930 struct hci_conn *conn;
4931 int err;
4932
4933 BT_DBG("%s", hdev->name);
4934
4935 memset(&rp, 0, sizeof(rp));
4936 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4937 rp.addr.type = cp->addr.type;
4938
4939 if (cp->addr.type != BDADDR_BREDR)
4940 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4941 MGMT_STATUS_INVALID_PARAMS,
4942 &rp, sizeof(rp));
4943
4944 hci_dev_lock(hdev);
4945
4946 if (!hdev_is_powered(hdev)) {
4947 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4948 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4949 goto unlock;
4950 }
4951
4952 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4953 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4954 &cp->addr.bdaddr);
4955 if (!conn || conn->state != BT_CONNECTED) {
4956 err = cmd_complete(sk, hdev->id,
4957 MGMT_OP_GET_CLOCK_INFO,
4958 MGMT_STATUS_NOT_CONNECTED,
4959 &rp, sizeof(rp));
4960 goto unlock;
4961 }
4962 } else {
4963 conn = NULL;
4964 }
4965
4966 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
4967 if (!cmd) {
4968 err = -ENOMEM;
4969 goto unlock;
4970 }
4971
4972 hci_req_init(&req, hdev);
4973
4974 memset(&hci_cp, 0, sizeof(hci_cp));
4975 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4976
4977 if (conn) {
4978 hci_conn_hold(conn);
4979 cmd->user_data = conn;
4980
4981 hci_cp.handle = cpu_to_le16(conn->handle);
4982 hci_cp.which = 0x01; /* Piconet clock */
4983 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4984 }
4985
4986 err = hci_req_run(&req, get_clock_info_complete);
4987 if (err < 0)
4988 mgmt_pending_remove(cmd);
4989
4990unlock:
4991 hci_dev_unlock(hdev);
4992 return err;
4993}
4994
8afef092
MH		 4995static void device_added(struct sock *sk, struct hci_dev *hdev,
4996 bdaddr_t *bdaddr, u8 type, u8 action)
4997{
4998 struct mgmt_ev_device_added ev;
4999
5000 bacpy(&ev.addr.bdaddr, bdaddr);
5001 ev.addr.type = type;
5002 ev.action = action;
5003
5004 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5005}
5006
2faade53
MH		 5007static int add_device(struct sock *sk, struct hci_dev *hdev,
5008 void *data, u16 len)
5009{
5010 struct mgmt_cp_add_device *cp = data;
5011 u8 auto_conn, addr_type;
5012 int err;
5013
5014 BT_DBG("%s", hdev->name);
5015
5016 if (!bdaddr_type_is_le(cp->addr.type) ||
5017 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5018 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5019 MGMT_STATUS_INVALID_PARAMS,
5020 &cp->addr, sizeof(cp->addr));
5021
5022 if (cp->action != 0x00 && cp->action != 0x01)
5023 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5024 MGMT_STATUS_INVALID_PARAMS,
5025 &cp->addr, sizeof(cp->addr));
5026
5027 hci_dev_lock(hdev);
5028
5029 if (cp->addr.type == BDADDR_LE_PUBLIC)
5030 addr_type = ADDR_LE_DEV_PUBLIC;
5031 else
5032 addr_type = ADDR_LE_DEV_RANDOM;
5033
5034 if (cp->action)
5035 auto_conn = HCI_AUTO_CONN_ALWAYS;
5036 else
5037 auto_conn = HCI_AUTO_CONN_DISABLED;
5038
bf5b3c8b
MH		 5039 /* If the connection parameters don't exist for this device,
5040 * they will be created and configured with defaults.
5041 */
d06b50ce
MH		 5042 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5043 auto_conn) < 0) {
2faade53
MH		 5044 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5045 MGMT_STATUS_FAILED,
5046 &cp->addr, sizeof(cp->addr));
5047 goto unlock;
5048 }
5049
8afef092
MH		 5050 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5051
2faade53
MH		 5052 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5053 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5054
5055unlock:
5056 hci_dev_unlock(hdev);
5057 return err;
5058}
5059
8afef092
MH		 5060static void device_removed(struct sock *sk, struct hci_dev *hdev,
5061 bdaddr_t *bdaddr, u8 type)
5062{
5063 struct mgmt_ev_device_removed ev;
5064
5065 bacpy(&ev.addr.bdaddr, bdaddr);
5066 ev.addr.type = type;
5067
5068 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5069}
5070
2faade53
MH		 5071static int remove_device(struct sock *sk, struct hci_dev *hdev,
5072 void *data, u16 len)
5073{
5074 struct mgmt_cp_remove_device *cp = data;
5075 int err;
5076
5077 BT_DBG("%s", hdev->name);
5078
5079 hci_dev_lock(hdev);
5080
5081 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5082 u8 addr_type;
5083
5084 if (!bdaddr_type_is_le(cp->addr.type)) {
5085 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5086 MGMT_STATUS_INVALID_PARAMS,
5087 &cp->addr, sizeof(cp->addr));
5088 goto unlock;
5089 }
5090
5091 if (cp->addr.type == BDADDR_LE_PUBLIC)
5092 addr_type = ADDR_LE_DEV_PUBLIC;
5093 else
5094 addr_type = ADDR_LE_DEV_RANDOM;
5095
5096 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
8afef092
MH		 5097
5098 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53
MH		 5099 } else {
5100 if (cp->addr.type) {
5101 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5102 MGMT_STATUS_INVALID_PARAMS,
5103 &cp->addr, sizeof(cp->addr));
5104 goto unlock;
5105 }
5106
373110c5 5107 hci_conn_params_clear_all(hdev);
2faade53
MH		 5108 }
5109
5110 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5111 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5112
5113unlock:
5114 hci_dev_unlock(hdev);
5115 return err;
5116}
5117
2e3c35ea 5118static const struct mgmt_handler {
04124681
GP		 5119 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5120 u16 data_len);
be22b54e
JH		 5121 bool var_len;
5122 size_t data_len;
0f4e68cf
JH		 5123} mgmt_handlers[] = {
5124 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5125 { read_version, false, MGMT_READ_VERSION_SIZE },
5126 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5127 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5128 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5129 { set_powered, false, MGMT_SETTING_SIZE },
5130 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5131 { set_connectable, false, MGMT_SETTING_SIZE },
5132 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5133 { set_pairable, false, MGMT_SETTING_SIZE },
5134 { set_link_security, false, MGMT_SETTING_SIZE },
5135 { set_ssp, false, MGMT_SETTING_SIZE },
5136 { set_hs, false, MGMT_SETTING_SIZE },
5137 { set_le, false, MGMT_SETTING_SIZE },
5138 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5139 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5140 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5141 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5142 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5143 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5144 { disconnect, false, MGMT_DISCONNECT_SIZE },
5145 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5146 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5147 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5148 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5149 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5150 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5151 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5152 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5153 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5154 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5155 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5156 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5157 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5158 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5159 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5160 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5161 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5162 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5163 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5164 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5165 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5166 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5167 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5168 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5169 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5170 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5171 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5172 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5173 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5174 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5175 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5176 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
0f4e68cf
JH		 5177};
5178
0381101f
JH		 5179int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5180{
650f726d
VCG		 5181 void *buf;
5182 u8 *cp;
0381101f 5183 struct mgmt_hdr *hdr;
4e51eae9 5184 u16 opcode, index, len;
bdb6d971 5185 struct hci_dev *hdev = NULL;
2e3c35ea 5186 const struct mgmt_handler *handler;
0381101f
JH		 5187 int err;
5188
5189 BT_DBG("got %zu bytes", msglen);
5190
5191 if (msglen < sizeof(*hdr))
5192 return -EINVAL;
5193
e63a15ec 5194 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5195 if (!buf)
5196 return -ENOMEM;
5197
5198 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5199 err = -EFAULT;
5200 goto done;
5201 }
5202
650f726d 5203 hdr = buf;
1f350c87
MH		 5204 opcode = __le16_to_cpu(hdr->opcode);
5205 index = __le16_to_cpu(hdr->index);
5206 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5207
5208 if (len != msglen - sizeof(*hdr)) {
5209 err = -EINVAL;
5210 goto done;
5211 }
5212
0f4e68cf 5213 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5214 hdev = hci_dev_get(index);
5215 if (!hdev) {
5216 err = cmd_status(sk, index, opcode,
04124681 5217 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5218 goto done;
5219 }
0736cfa8 5220
cebf4cfd 5221 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
fee746b0
MH		 5222 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags) ||
5223 test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks)) {
0736cfa8
MH		 5224 err = cmd_status(sk, index, opcode,
5225 MGMT_STATUS_INVALID_INDEX);
5226 goto done;
5227 }
bdb6d971
JH		 5228 }
5229
0f4e68cf 5230 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5231 mgmt_handlers[opcode].func == NULL) {
0381101f 5232 BT_DBG("Unknown op %u", opcode);
ca69b795 5233 err = cmd_status(sk, index, opcode,
04124681 5234 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5235 goto done;
5236 }
5237
5238 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 5239 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 5240 err = cmd_status(sk, index, opcode,
04124681 5241 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5242 goto done;
0381101f
JH		 5243 }
5244
be22b54e
JH		 5245 handler = &mgmt_handlers[opcode];
5246
5247 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5248 (!handler->var_len && len != handler->data_len)) {
be22b54e 5249 err = cmd_status(sk, index, opcode,
04124681 5250 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5251 goto done;
5252 }
5253
0f4e68cf
JH		 5254 if (hdev)
5255 mgmt_init_hdev(sk, hdev);
5256
5257 cp = buf + sizeof(*hdr);
5258
be22b54e 5259 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5260 if (err < 0)
5261 goto done;
5262
0381101f
JH		 5263 err = msglen;
5264
5265done:
bdb6d971
JH		 5266 if (hdev)
5267 hci_dev_put(hdev);
5268
0381101f
JH		 5269 kfree(buf);
5270 return err;
5271}
c71e97bf 5272
bf6b56db 5273void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5274{
1514b892 5275 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5276 return;
bb4b2a9a 5277
bf6b56db 5278 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5279}
5280
bf6b56db 5281void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5282{
5f159032 5283 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5284
1514b892 5285 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5286 return;
bb4b2a9a 5287
744cf19e 5288 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5289
bf6b56db 5290 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5291}
5292
6046dc3e
AG		 5293/* This function requires the caller holds hdev->lock */
5294static void restart_le_auto_conns(struct hci_dev *hdev)
5295{
5296 struct hci_conn_params *p;
c83ed19d 5297 bool added = false;
6046dc3e
AG		 5298
5299 list_for_each_entry(p, &hdev->le_conn_params, list) {
c83ed19d 5300 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS) {
6046dc3e 5301 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
c83ed19d
MH		 5302 added = true;
5303 }
6046dc3e 5304 }
c83ed19d
MH		 5305
5306 /* Calling hci_pend_le_conn_add will actually already trigger
5307 * background scanning when needed. So no need to trigger it
5308 * just another time.
5309 *
5310 * This check is here to avoid an unneeded restart of the
5311 * passive scanning. Since this is during the controller
5312 * power up phase the duplicate filtering is not an issue.
5313 */
5314 if (added)
5315 return;
5316
5317 hci_update_background_scan(hdev);
6046dc3e
AG		 5318}
5319
229ab39c
JH		 5320static void powered_complete(struct hci_dev *hdev, u8 status)
5321{
5322 struct cmd_lookup match = { NULL, hdev };
5323
5324 BT_DBG("status 0x%02x", status);
5325
5326 hci_dev_lock(hdev);
5327
6046dc3e
AG		 5328 restart_le_auto_conns(hdev);
5329
229ab39c
JH		 5330 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5331
5332 new_settings(hdev, match.sk);
5333
5334 hci_dev_unlock(hdev);
5335
5336 if (match.sk)
5337 sock_put(match.sk);
5338}
5339
70da6243 5340static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5341{
890ea898 5342 struct hci_request req;
70da6243 5343 u8 link_sec;
5add6af8 5344
890ea898
JH		 5345 hci_req_init(&req, hdev);
5346
70da6243
JH		 5347 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5348 !lmp_host_ssp_capable(hdev)) {
5349 u8 ssp = 1;
5e5282bb 5350
890ea898 5351 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5352 }
5add6af8 5353
c73eee91
JH		 5354 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5355 lmp_bredr_capable(hdev)) {
70da6243 5356 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5357
70da6243
JH		 5358 cp.le = 1;
5359 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5360
70da6243
JH		 5361 /* Check first if we already have the right
5362 * host state (host features set)
5363 */
5364 if (cp.le != lmp_host_le_capable(hdev) ||
5365 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5366 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5367 sizeof(cp), &cp);
70da6243 5368 }
3d1cbdd6 5369
d13eafce 5370 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5371 /* Make sure the controller has a good default for
5372 * advertising data. This also applies to the case
5373 * where BR/EDR was toggled during the AUTO_OFF phase.
5374 */
f14d8f64 5375 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5376 update_adv_data(&req);
f14d8f64
MH		 5377 update_scan_rsp_data(&req);
5378 }
441ad2d0 5379
bba3aa55
MH		 5380 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5381 enable_advertising(&req);
eeca6f89
JH		 5382 }
5383
70da6243
JH		 5384 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5385 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5386 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5387 sizeof(link_sec), &link_sec);
562fcc24 5388
70da6243 5389 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5390 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5391 set_bredr_scan(&req);
890ea898 5392 update_class(&req);
13928971 5393 update_name(&req);
890ea898 5394 update_eir(&req);
70da6243 5395 }
562fcc24 5396
229ab39c 5397 return hci_req_run(&req, powered_complete);
70da6243 5398}
562fcc24 5399
70da6243
JH		 5400int mgmt_powered(struct hci_dev *hdev, u8 powered)
5401{
5402 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5403 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5404 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5405 int err;
f0ff92fb 5406
70da6243
JH		 5407 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5408 return 0;
5409
70da6243 5410 if (powered) {
229ab39c
JH		 5411 if (powered_update_hci(hdev) == 0)
5412 return 0;
fe038884 5413
229ab39c
JH		 5414 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5415 &match);
5416 goto new_settings;
b24752fe
JH		 5417 }
5418
229ab39c
JH		 5419 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5420 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5421
5422 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5423 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5424 zero_cod, sizeof(zero_cod), NULL);
5425
5426new_settings:
beadb2bd 5427 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5428
5429 if (match.sk)
5430 sock_put(match.sk);
5431
7bb895d6 5432 return err;
5add6af8 5433}
73f22f62 5434
3eec705e 5435void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5436{
5437 struct pending_cmd *cmd;
5438 u8 status;
5439
5440 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5441 if (!cmd)
3eec705e 5442 return;
96570ffc
JH		 5443
5444 if (err == -ERFKILL)
5445 status = MGMT_STATUS_RFKILLED;
5446 else
5447 status = MGMT_STATUS_FAILED;
5448
3eec705e 5449 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5450
5451 mgmt_pending_remove(cmd);
96570ffc
JH		 5452}
5453
d1967ff8
MH		 5454void mgmt_discoverable_timeout(struct hci_dev *hdev)
5455{
5456 struct hci_request req;
d1967ff8
MH		 5457
5458 hci_dev_lock(hdev);
5459
5460 /* When discoverable timeout triggers, then just make sure
5461 * the limited discoverable flag is cleared. Even in the case
5462 * of a timeout triggered from general discoverable, it is
5463 * safe to unconditionally clear the flag.
5464 */
5465 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5466 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5467
5468 hci_req_init(&req, hdev);
4b580614
JH		 5469 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5470 u8 scan = SCAN_PAGE;
5471 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5472 sizeof(scan), &scan);
5473 }
d1967ff8 5474 update_class(&req);
9a43e25f 5475 update_adv_data(&req);
d1967ff8
MH		 5476 hci_req_run(&req, NULL);
5477
5478 hdev->discov_timeout = 0;
5479
9a43e25f
JH		 5480 new_settings(hdev, NULL);
5481
d1967ff8
MH		 5482 hci_dev_unlock(hdev);
5483}
5484
86a75645 5485void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5486{
86a75645 5487 bool changed;
73f22f62 5488
bfaf8c9f
JH		 5489 /* Nothing needed here if there's a pending command since that
5490 * commands request completion callback takes care of everything
5491 * necessary.
5492 */
5493 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5494 return;
bfaf8c9f 5495
bd107999
JH		 5496 /* Powering off may clear the scan mode - don't let that interfere */
5497 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5498 return;
5499
9a43e25f 5500 if (discoverable) {
86a75645 5501 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5502 } else {
5503 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5504 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5505 }
5506
5507 if (changed) {
5508 struct hci_request req;
5509
5510 /* In case this change in discoverable was triggered by
5511 * a disabling of connectable there could be a need to
5512 * update the advertising flags.
5513 */
5514 hci_req_init(&req, hdev);
5515 update_adv_data(&req);
5516 hci_req_run(&req, NULL);
73f22f62 5517
86a75645 5518 new_settings(hdev, NULL);
9a43e25f 5519 }
73f22f62 5520}
9fbcbb45 5521
a330916c 5522void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5523{
a330916c 5524 bool changed;
9fbcbb45 5525
d7b856f9
JH		 5526 /* Nothing needed here if there's a pending command since that
5527 * commands request completion callback takes care of everything
5528 * necessary.
5529 */
5530 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5531 return;
d7b856f9 5532
ce3f24cf
JH		 5533 /* Powering off may clear the scan mode - don't let that interfere */
5534 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5535 return;
5536
a330916c
MH		 5537 if (connectable)
5538 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5539 else
5540 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5541
beadb2bd 5542 if (changed)
a330916c 5543 new_settings(hdev, NULL);
9fbcbb45 5544}
55ed8ca1 5545
778b235a
JH		 5546void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5547{
7c4cfab8
JH		 5548 /* Powering off may stop advertising - don't let that interfere */
5549 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5550 return;
5551
778b235a
JH		 5552 if (advertising)
5553 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5554 else
5555 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5556}
5557
4796e8af 5558void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5559{
ca69b795
JH		 5560 u8 mgmt_err = mgmt_status(status);
5561
2d7cee58 5562 if (scan & SCAN_PAGE)
744cf19e 5563 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5564 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5565
5566 if (scan & SCAN_INQUIRY)
744cf19e 5567 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5568 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5569}
5570
dc4a5ee2
MH		 5571void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5572 bool persistent)
55ed8ca1 5573{
86742e1e 5574 struct mgmt_ev_new_link_key ev;
55ed8ca1 5575
a492cd52 5576 memset(&ev, 0, sizeof(ev));
55ed8ca1 5577
a492cd52 5578 ev.store_hint = persistent;
d753fdc4 5579 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5580 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5581 ev.key.type = key->type;
9b3b4460 5582 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5583 ev.key.pin_len = key->pin_len;
55ed8ca1 5584
dc4a5ee2 5585 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5586}
f7520543 5587
d7b25450
JH		 5588static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5589{
5590 if (ltk->authenticated)
5591 return MGMT_LTK_AUTHENTICATED;
5592
5593 return MGMT_LTK_UNAUTHENTICATED;
5594}
5595
53ac6ab6 5596void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5597{
5598 struct mgmt_ev_new_long_term_key ev;
5599
5600 memset(&ev, 0, sizeof(ev));
5601
5192d301
MH		 5602 /* Devices using resolvable or non-resolvable random addresses
5603 * without providing an indentity resolving key don't require
5604 * to store long term keys. Their addresses will change the
5605 * next time around.
5606 *
5607 * Only when a remote device provides an identity address
5608 * make sure the long term key is stored. If the remote
5609 * identity is known, the long term keys are internally
5610 * mapped to the identity address. So allow static random
5611 * and public addresses here.
5612 */
ba74b666
JH		 5613 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5614 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5615 ev.store_hint = 0x00;
5616 else
53ac6ab6 5617 ev.store_hint = persistent;
ba74b666 5618
346af67b 5619 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5620 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5621 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5622 ev.key.enc_size = key->enc_size;
5623 ev.key.ediv = key->ediv;
fe39c7b2 5624 ev.key.rand = key->rand;
346af67b 5625
2ceba539 5626 if (key->type == SMP_LTK)
346af67b
VCG		 5627 ev.key.master = 1;
5628
346af67b
VCG		 5629 memcpy(ev.key.val, key->val, sizeof(key->val));
5630
083368f7 5631 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5632}
5633
95fbac8a
JH		 5634void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5635{
5636 struct mgmt_ev_new_irk ev;
5637
5638 memset(&ev, 0, sizeof(ev));
5639
bab6d1e5
MH		 5640 /* For identity resolving keys from devices that are already
5641 * using a public address or static random address, do not
5642 * ask for storing this key. The identity resolving key really
5643 * is only mandatory for devices using resovlable random
5644 * addresses.
5645 *
5646 * Storing all identity resolving keys has the downside that
5647 * they will be also loaded on next boot of they system. More
5648 * identity resolving keys, means more time during scanning is
5649 * needed to actually resolve these addresses.
5650 */
5651 if (bacmp(&irk->rpa, BDADDR_ANY))
5652 ev.store_hint = 0x01;
5653 else
5654 ev.store_hint = 0x00;
5655
95fbac8a
JH		 5656 bacpy(&ev.rpa, &irk->rpa);
5657 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5658 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5659 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5660
5661 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5662}
5663
53ac6ab6
MH		 5664void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5665 bool persistent)
7ee4ea36
MH		 5666{
5667 struct mgmt_ev_new_csrk ev;
5668
5669 memset(&ev, 0, sizeof(ev));
5670
5671 /* Devices using resolvable or non-resolvable random addresses
5672 * without providing an indentity resolving key don't require
5673 * to store signature resolving keys. Their addresses will change
5674 * the next time around.
5675 *
5676 * Only when a remote device provides an identity address
5677 * make sure the signature resolving key is stored. So allow
5678 * static random and public addresses here.
5679 */
5680 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5681 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5682 ev.store_hint = 0x00;
5683 else
53ac6ab6 5684 ev.store_hint = persistent;
7ee4ea36
MH		 5685
5686 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5687 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5688 ev.key.master = csrk->master;
5689 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5690
5691 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5692}
5693
ffb5a827
AG		 5694void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
5695 u8 bdaddr_type, u16 min_interval, u16 max_interval,
5696 u16 latency, u16 timeout)
5697{
5698 struct mgmt_ev_new_conn_param ev;
5699
5700 memset(&ev, 0, sizeof(ev));
5701 bacpy(&ev.addr.bdaddr, bdaddr);
5702 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
5703 ev.store_hint = 0x00;
5704 ev.min_interval = cpu_to_le16(min_interval);
5705 ev.max_interval = cpu_to_le16(max_interval);
5706 ev.latency = cpu_to_le16(latency);
5707 ev.timeout = cpu_to_le16(timeout);
5708
5709 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
5710}
5711
94933991
MH		 5712static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5713 u8 data_len)
5714{
5715 eir[eir_len++] = sizeof(type) + data_len;
5716 eir[eir_len++] = type;
5717 memcpy(&eir[eir_len], data, data_len);
5718 eir_len += data_len;
5719
5720 return eir_len;
5721}
5722
ecd90ae7
MH		 5723void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5724 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5725 u8 *dev_class)
f7520543 5726{
b644ba33
JH		 5727 char buf[512];
5728 struct mgmt_ev_device_connected *ev = (void *) buf;
5729 u16 eir_len = 0;
f7520543 5730
b644ba33 5731 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5732 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5733
c95f0ba7 5734 ev->flags = __cpu_to_le32(flags);
08c79b61 5735
b644ba33
JH		 5736 if (name_len > 0)
5737 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5738 name, name_len);
b644ba33
JH		 5739
5740 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5741 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5742 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5743
eb55ef07 5744 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5745
ecd90ae7
MH		 5746 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5747 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5748}
5749
8962ee74
JH		 5750static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5751{
c68fb7ff 5752 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5753 struct sock **sk = data;
a38528f1 5754 struct mgmt_rp_disconnect rp;
8962ee74 5755
88c3df13
JH		 5756 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5757 rp.addr.type = cp->addr.type;
8962ee74 5758
aee9b218 5759 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5760 sizeof(rp));
8962ee74
JH		 5761
5762 *sk = cmd->sk;
5763 sock_hold(*sk);
5764
a664b5bc 5765 mgmt_pending_remove(cmd);
8962ee74
JH		 5766}
5767
124f6e35 5768static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5769{
b1078ad0 5770 struct hci_dev *hdev = data;
124f6e35
JH		 5771 struct mgmt_cp_unpair_device *cp = cmd->param;
5772 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5773
5774 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5775 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5776 rp.addr.type = cp->addr.type;
a8a1d19e 5777
b1078ad0
JH		 5778 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5779
aee9b218 5780 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5781
5782 mgmt_pending_remove(cmd);
5783}
5784
9b80ec5e 5785void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5786 u8 link_type, u8 addr_type, u8 reason,
5787 bool mgmt_connected)
f7520543 5788{
f0d6a0ea 5789 struct mgmt_ev_device_disconnected ev;
8b064a3a 5790 struct pending_cmd *power_off;
8962ee74 5791 struct sock *sk = NULL;
8962ee74 5792
8b064a3a
JH		 5793 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5794 if (power_off) {
5795 struct mgmt_mode *cp = power_off->param;
5796
5797 /* The connection is still in hci_conn_hash so test for 1
5798 * instead of 0 to know if this is the last one.
5799 */
a3172b7e
JH		 5800 if (!cp->val && hci_conn_count(hdev) == 1) {
5801 cancel_delayed_work(&hdev->power_off);
8b064a3a 5802 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5803 }
8b064a3a
JH		 5804 }
5805
12d4a3b2
JH		 5806 if (!mgmt_connected)
5807 return;
5808
57eb776f
AG		 5809 if (link_type != ACL_LINK && link_type != LE_LINK)
5810 return;
5811
744cf19e 5812 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5813
f0d6a0ea
MA		 5814 bacpy(&ev.addr.bdaddr, bdaddr);
5815 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5816 ev.reason = reason;
f7520543 5817
9b80ec5e 5818 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5819
5820 if (sk)
d97dcb66 5821 sock_put(sk);
8962ee74 5822
124f6e35 5823 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5824 hdev);
8962ee74
JH		 5825}
5826
7892924c
MH		 5827void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5828 u8 link_type, u8 addr_type, u8 status)
8962ee74 5829{
3655bba8
AG		 5830 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5831 struct mgmt_cp_disconnect *cp;
88c3df13 5832 struct mgmt_rp_disconnect rp;
8962ee74 5833 struct pending_cmd *cmd;
8962ee74 5834
36a75f1b
JD		 5835 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5836 hdev);
5837
2e58ef3e 5838 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5839 if (!cmd)
7892924c 5840 return;
8962ee74 5841
3655bba8
AG		 5842 cp = cmd->param;
5843
5844 if (bacmp(bdaddr, &cp->addr.bdaddr))
5845 return;
5846
5847 if (cp->addr.type != bdaddr_type)
5848 return;
5849
88c3df13 5850 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5851 rp.addr.type = bdaddr_type;
37d9ef76 5852
7892924c
MH		 5853 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5854 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5855
a664b5bc 5856 mgmt_pending_remove(cmd);
f7520543 5857}
17d5c04c 5858
445608d0
MH		 5859void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5860 u8 addr_type, u8 status)
17d5c04c
JH		 5861{
5862 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5863 struct pending_cmd *power_off;
5864
5865 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5866 if (power_off) {
5867 struct mgmt_mode *cp = power_off->param;
5868
5869 /* The connection is still in hci_conn_hash so test for 1
5870 * instead of 0 to know if this is the last one.
5871 */
a3172b7e
JH		 5872 if (!cp->val && hci_conn_count(hdev) == 1) {
5873 cancel_delayed_work(&hdev->power_off);
c9910d0f 5874 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5875 }
c9910d0f 5876 }
17d5c04c 5877
4c659c39 5878 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5879 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5880 ev.status = mgmt_status(status);
17d5c04c 5881
445608d0 5882 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5883}
980e1a53 5884
ce0e4a0d 5885void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5886{
5887 struct mgmt_ev_pin_code_request ev;
5888
d8457698 5889 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5890 ev.addr.type = BDADDR_BREDR;
a770bb5a 5891 ev.secure = secure;
980e1a53 5892
ce0e4a0d 5893 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5894}
5895
e669cf80
MH		 5896void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5897 u8 status)
980e1a53
JH		 5898{
5899 struct pending_cmd *cmd;
ac56fb13 5900 struct mgmt_rp_pin_code_reply rp;
980e1a53 5901
2e58ef3e 5902 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5903 if (!cmd)
e669cf80 5904 return;
980e1a53 5905
d8457698 5906 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5907 rp.addr.type = BDADDR_BREDR;
ac56fb13 5908
e669cf80
MH		 5909 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5910 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5911
a664b5bc 5912 mgmt_pending_remove(cmd);
980e1a53
JH		 5913}
5914
3eb38528
MH		 5915void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5916 u8 status)
980e1a53
JH		 5917{
5918 struct pending_cmd *cmd;
ac56fb13 5919 struct mgmt_rp_pin_code_reply rp;
980e1a53 5920
2e58ef3e 5921 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5922 if (!cmd)
3eb38528 5923 return;
980e1a53 5924
d8457698 5925 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5926 rp.addr.type = BDADDR_BREDR;
ac56fb13 5927
3eb38528
MH		 5928 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5929 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5930
a664b5bc 5931 mgmt_pending_remove(cmd);
980e1a53 5932}
a5c29683 5933
744cf19e 5934int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5935 u8 link_type, u8 addr_type, u32 value,
04124681 5936 u8 confirm_hint)
a5c29683
JH		 5937{
5938 struct mgmt_ev_user_confirm_request ev;
5939
744cf19e 5940 BT_DBG("%s", hdev->name);
a5c29683 5941
272d90df 5942 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5943 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5944 ev.confirm_hint = confirm_hint;
39adbffe 5945 ev.value = cpu_to_le32(value);
a5c29683 5946
744cf19e 5947 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5948 NULL);
a5c29683
JH		 5949}
5950
272d90df 5951int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5952 u8 link_type, u8 addr_type)
604086b7
BG		 5953{
5954 struct mgmt_ev_user_passkey_request ev;
5955
5956 BT_DBG("%s", hdev->name);
5957
272d90df 5958 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5959 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5960
5961 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5962 NULL);
604086b7
BG		 5963}
5964
0df4c185 5965static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5966 u8 link_type, u8 addr_type, u8 status,
5967 u8 opcode)
a5c29683
JH		 5968{
5969 struct pending_cmd *cmd;
5970 struct mgmt_rp_user_confirm_reply rp;
5971 int err;
5972
2e58ef3e 5973 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5974 if (!cmd)
5975 return -ENOENT;
5976
272d90df 5977 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5978 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5979 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5980 &rp, sizeof(rp));
a5c29683 5981
a664b5bc 5982 mgmt_pending_remove(cmd);
a5c29683
JH		 5983
5984 return err;
5985}
5986
744cf19e 5987int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5988 u8 link_type, u8 addr_type, u8 status)
a5c29683 5989{
272d90df 5990 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5991 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5992}
5993
272d90df 5994int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5995 u8 link_type, u8 addr_type, u8 status)
a5c29683 5996{
272d90df 5997 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5998 status,
5999 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6000}
2a611692 6001
604086b7 6002int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6003 u8 link_type, u8 addr_type, u8 status)
604086b7 6004{
272d90df 6005 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6006 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6007}
6008
272d90df 6009int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6010 u8 link_type, u8 addr_type, u8 status)
604086b7 6011{
272d90df 6012 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6013 status,
6014 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6015}
6016
92a25256
JH		 6017int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6018 u8 link_type, u8 addr_type, u32 passkey,
6019 u8 entered)
6020{
6021 struct mgmt_ev_passkey_notify ev;
6022
6023 BT_DBG("%s", hdev->name);
6024
6025 bacpy(&ev.addr.bdaddr, bdaddr);
6026 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6027 ev.passkey = __cpu_to_le32(passkey);
6028 ev.entered = entered;
6029
6030 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6031}
6032
e546099c
MH		 6033void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6034 u8 addr_type, u8 status)
2a611692
JH		 6035{
6036 struct mgmt_ev_auth_failed ev;
6037
bab73cb6 6038 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6039 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6040 ev.status = mgmt_status(status);
2a611692 6041
e546099c 6042 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6043}
b312b161 6044
464996ae 6045void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6046{
6047 struct cmd_lookup match = { NULL, hdev };
464996ae 6048 bool changed;
33ef95ed
JH		 6049
6050 if (status) {
6051 u8 mgmt_err = mgmt_status(status);
6052 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6053 cmd_status_rsp, &mgmt_err);
464996ae 6054 return;
33ef95ed
JH		 6055 }
6056
464996ae
MH		 6057 if (test_bit(HCI_AUTH, &hdev->flags))
6058 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6059 &hdev->dev_flags);
6060 else
6061 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6062 &hdev->dev_flags);
47990ea0 6063
33ef95ed 6064 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6065 &match);
33ef95ed 6066
47990ea0 6067 if (changed)
464996ae 6068 new_settings(hdev, match.sk);
33ef95ed
JH		 6069
6070 if (match.sk)
6071 sock_put(match.sk);
33ef95ed
JH		 6072}
6073
890ea898 6074static void clear_eir(struct hci_request *req)
cacaf52f 6075{
890ea898 6076 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6077 struct hci_cp_write_eir cp;
6078
976eb20e 6079 if (!lmp_ext_inq_capable(hdev))
890ea898 6080 return;
cacaf52f 6081
c80da27e
JH		 6082 memset(hdev->eir, 0, sizeof(hdev->eir));
6083
cacaf52f
JH		 6084 memset(&cp, 0, sizeof(cp));
6085
890ea898 6086 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6087}
6088
3e248560 6089void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6090{
6091 struct cmd_lookup match = { NULL, hdev };
890ea898 6092 struct hci_request req;
c0ecddc2 6093 bool changed = false;
ed2c4ee3
JH		 6094
6095 if (status) {
6096 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6097
6098 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6099 &hdev->dev_flags)) {
6100 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6101 new_settings(hdev, NULL);
9ecb3e24 6102 }
c0ecddc2 6103
04124681
GP		 6104 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6105 &mgmt_err);
3e248560 6106 return;
c0ecddc2
JH		 6107 }
6108
6109 if (enable) {
9ecb3e24 6110 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6111 } else {
9ecb3e24
MH		 6112 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6113 if (!changed)
6114 changed = test_and_clear_bit(HCI_HS_ENABLED,
6115 &hdev->dev_flags);
6116 else
6117 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6118 }
6119
6120 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6121
c0ecddc2 6122 if (changed)
3e248560 6123 new_settings(hdev, match.sk);
ed2c4ee3 6124
5fc6ebb1 6125 if (match.sk)
ed2c4ee3
JH		 6126 sock_put(match.sk);
6127
890ea898
JH		 6128 hci_req_init(&req, hdev);
6129
3769972b
JH		 6130 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6131 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6132 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6133 sizeof(enable), &enable);
890ea898 6134 update_eir(&req);
3769972b 6135 } else {
890ea898 6136 clear_eir(&req);
3769972b 6137 }
890ea898
JH		 6138
6139 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6140}
6141
eac83dc6
MH		 6142void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6143{
6144 struct cmd_lookup match = { NULL, hdev };
6145 bool changed = false;
6146
6147 if (status) {
6148 u8 mgmt_err = mgmt_status(status);
6149
0ab04a9c
MH		 6150 if (enable) {
6151 if (test_and_clear_bit(HCI_SC_ENABLED,
6152 &hdev->dev_flags))
6153 new_settings(hdev, NULL);
6154 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6155 }
eac83dc6
MH		 6156
6157 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6158 cmd_status_rsp, &mgmt_err);
6159 return;
6160 }
6161
0ab04a9c 6162 if (enable) {
eac83dc6 6163 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6164 } else {
eac83dc6 6165 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6166 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6167 }
eac83dc6
MH		 6168
6169 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6170 settings_rsp, &match);
6171
6172 if (changed)
6173 new_settings(hdev, match.sk);
6174
6175 if (match.sk)
6176 sock_put(match.sk);
6177}
6178
92da6097 6179static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6180{
6181 struct cmd_lookup *match = data;
6182
90e70454
JH		 6183 if (match->sk == NULL) {
6184 match->sk = cmd->sk;
6185 sock_hold(match->sk);
6186 }
90e70454
JH		 6187}
6188
4e1b0245
MH		 6189void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6190 u8 status)
7f9a903c 6191{
90e70454 6192 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6193
92da6097
JH		 6194 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6195 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6196 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6197
6198 if (!status)
4e1b0245
MH		 6199 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6200 NULL);
90e70454
JH		 6201
6202 if (match.sk)
6203 sock_put(match.sk);
7f9a903c
MH		 6204}
6205
7667da34 6206void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6207{
b312b161 6208 struct mgmt_cp_set_local_name ev;
13928971 6209 struct pending_cmd *cmd;
28cc7bde 6210
13928971 6211 if (status)
7667da34 6212 return;
b312b161
JH		 6213
6214 memset(&ev, 0, sizeof(ev));
6215 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6216 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6217
2e58ef3e 6218 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6219 if (!cmd) {
6220 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6221
13928971
JH		 6222 /* If this is a HCI command related to powering on the
6223 * HCI dev don't send any mgmt signals.
6224 */
6225 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6226 return;
890ea898 6227 }
b312b161 6228
7667da34
MH		 6229 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6230 cmd ? cmd->sk : NULL);
b312b161 6231}
c35938b2 6232
4d2d2796
MH		 6233void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6234 u8 *randomizer192, u8 *hash256,
6235 u8 *randomizer256, u8 status)
c35938b2
SJ		 6236{
6237 struct pending_cmd *cmd;
c35938b2 6238
744cf19e 6239 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6240
2e58ef3e 6241 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6242 if (!cmd)
3edaf092 6243 return;
c35938b2
SJ		 6244
6245 if (status) {
3edaf092
MH		 6246 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6247 mgmt_status(status));
c35938b2 6248 } else {
4d2d2796
MH		 6249 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6250 hash256 && randomizer256) {
6251 struct mgmt_rp_read_local_oob_ext_data rp;
6252
6253 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6254 memcpy(rp.randomizer192, randomizer192,
6255 sizeof(rp.randomizer192));
c35938b2 6256
4d2d2796
MH		 6257 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6258 memcpy(rp.randomizer256, randomizer256,
6259 sizeof(rp.randomizer256));
c35938b2 6260
4d2d2796
MH		 6261 cmd_complete(cmd->sk, hdev->id,
6262 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6263 &rp, sizeof(rp));
6264 } else {
6265 struct mgmt_rp_read_local_oob_data rp;
6266
6267 memcpy(rp.hash, hash192, sizeof(rp.hash));
6268 memcpy(rp.randomizer, randomizer192,
6269 sizeof(rp.randomizer));
6270
6271 cmd_complete(cmd->sk, hdev->id,
6272 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6273 &rp, sizeof(rp));
6274 }
c35938b2
SJ		 6275 }
6276
6277 mgmt_pending_remove(cmd);
c35938b2 6278}
e17acd40 6279
901801b9 6280void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6281 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6282 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6283{
e319d2e7
JH		 6284 char buf[512];
6285 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 6286 struct smp_irk *irk;
1dc06093 6287 size_t ev_size;
e17acd40 6288
12602d0c 6289 if (!hci_discovery_active(hdev))
901801b9 6290 return;
12602d0c 6291
5d2e9fad
JH		 6292 /* Make sure that the buffer is big enough. The 5 extra bytes
6293 * are for the potential CoD field.
6294 */
6295 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6296 return;
7d262f86 6297
1dc06093
JH		 6298 memset(buf, 0, sizeof(buf));
6299
5cedbb8d
JH		 6300 irk = hci_get_irk(hdev, bdaddr, addr_type);
6301 if (irk) {
6302 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
6303 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
6304 } else {
6305 bacpy(&ev->addr.bdaddr, bdaddr);
6306 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6307 }
6308
e319d2e7 6309 ev->rssi = rssi;
af58925c 6310 ev->flags = cpu_to_le32(flags);
e17acd40 6311
1dc06093 6312 if (eir_len > 0)
e319d2e7 6313 memcpy(ev->eir, eir, eir_len);
e17acd40 6314
1dc06093
JH		 6315 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6316 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6317 dev_class, 3);
1dc06093 6318
5d2e9fad
JH		 6319 if (scan_rsp_len > 0)
6320 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6321
6322 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6323 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6324
901801b9 6325 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6326}
a88a9652 6327
9cf12aee
MH		 6328void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6329 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6330{
b644ba33
JH		 6331 struct mgmt_ev_device_found *ev;
6332 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6333 u16 eir_len;
a88a9652 6334
b644ba33 6335 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6336
b644ba33
JH		 6337 memset(buf, 0, sizeof(buf));
6338
6339 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6340 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6341 ev->rssi = rssi;
6342
6343 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6344 name_len);
b644ba33 6345
eb55ef07 6346 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6347
9cf12aee 6348 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6349}
314b2381 6350
2f1e063b 6351void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6352{
f963e8e9 6353 struct mgmt_ev_discovering ev;
164a6e78
JH		 6354 struct pending_cmd *cmd;
6355
343fb145
AG		 6356 BT_DBG("%s discovering %u", hdev->name, discovering);
6357
164a6e78 6358 if (discovering)
2e58ef3e 6359 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6360 else
2e58ef3e 6361 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6362
6363 if (cmd != NULL) {
f808e166
JH		 6364 u8 type = hdev->discovery.type;
6365
04124681
GP		 6366 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6367 sizeof(type));
164a6e78
JH		 6368 mgmt_pending_remove(cmd);
6369 }
6370
f963e8e9
JH		 6371 memset(&ev, 0, sizeof(ev));
6372 ev.type = hdev->discovery.type;
6373 ev.discovering = discovering;
6374
2f1e063b 6375 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6376}
5e762444 6377
5976e608
MH		 6378static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6379{
6380 BT_DBG("%s status %u", hdev->name, status);
6381
6382 /* Clear the advertising mgmt setting if we failed to re-enable it */
6383 if (status) {
6384 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6385 new_settings(hdev, NULL);
5976e608
MH		 6386 }
6387}
6388
6389void mgmt_reenable_advertising(struct hci_dev *hdev)
6390{
6391 struct hci_request req;
6392
b145edcd 6393 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6394 return;
6395
6396 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6397 return;
6398
6399 hci_req_init(&req, hdev);
6400 enable_advertising(&req);
6401
6402 /* If this fails we have no option but to let user space know
6403 * that we've disabled advertising.
6404 */
6405 if (hci_req_run(&req, adv_enable_complete) < 0) {
6406 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6407 new_settings(hdev, NULL);
5976e608
MH		 6408 }
6409}
Linux kernel - Deliverables
This page took 0.677509 seconds and 5 git commands to generate.